openSUSE has issued an advisory on January 12: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IGHX26DHDGC7IY7BPCKVDKZVN6LM7RCQ/ Mageia 8 is also affected.
Status comment: (none) => Patch available from openSUSEWhiteboard: (none) => MGA8TOO
Ubuntu has issued an advisory for this on January 31: https://ubuntu.com/security/notices/USN-5833-1 The issue is fixed upstream in 0.18.3.
Status comment: Patch available from openSUSE => Fixed upstream in 0.18.3Severity: normal => major
Cauldron updated with 0.18.3 Mageia 8 updated in testing with the same. python3-future-0.18.3-1.mga8 Source: python-future-0.18.3-1.mga8
Whiteboard: MGA8TOO => (none)Status comment: Fixed upstream in 0.18.3 => (none)CC: (none) => yves.brungard_mageiaVersion: Cauldron => 8
Assignee: python => qa-bugs
Tested in VirtualBox. No installation issues. No previous updates, so I sought information on the Web, where I came across https://python-future.org/ where on the home page I saw this: "python-future is the missing compatibility layer between Python 2 and Python 3. It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead." Sure sounds like developer territory to me. Scrolling down the documentation's table of contents, it looks like enough there for a good semester college course. All very much beyond the scope of QA. Calling this OK based on a clean install over the existing version, and it doesn't seem to have made my Vbox guest explode. Validating.
CC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: (none) => MGA8-64-OKKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0030.html
Status: NEW => RESOLVEDResolution: (none) => FIXED