Bug 31450 - python-mechanize new security issue CVE-2021-32837
Summary: python-mechanize new security issue CVE-2021-32837
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2023-01-23 22:07 CET by David Walser
Modified: 2023-02-07 01:08 CET (History)
7 users (show)

See Also:
Source RPM: python-mechanize-0.4.5-1.mga8.src.rpm
Status comment:


Description David Walser 2023-01-23 22:07:20 CET
openSUSE has issued an advisory today (January 23):

The issue is fixed upstream in 0.4.6.
David Walser 2023-01-23 22:07:35 CET

Status comment: (none) => Fixed upstream in 0.4.6

Comment 1 Marja Van Waes 2023-02-04 23:17:27 CET
Assigning to out Python stack maintainers, CC'ing the registered maintainer.

CC: (none) => makowski.mageia, marja11
Assignee: bugsquad => python

Comment 2 papoteur 2023-02-05 08:56:05 CET


This package is used by calibre.

Version: 8 => Cauldron
Status comment: Fixed upstream in 0.4.6 => (none)
CC: (none) => yves.brungard_mageia

papoteur 2023-02-05 08:56:33 CET

Assignee: python => qa-bugs

David Walser 2023-02-05 14:57:15 CET

Version: Cauldron => 8

Comment 3 Herman Viaene 2023-02-06 10:50:09 CET
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
This is a library for "statefull programmatic web browsing", clearly developers area.
As is does not disturb anythinf, giving the OK on clean install.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 Thomas Andrews 2023-02-06 21:05:51 CET
From comment 2: "This package is used by calibre."

Not knowing *how* it's used, I ran calibre before updating and looked for ways in which it interacts with the Web, thinking that would be where it might be used. I thought the most likely place was in searching for ebooks, so I tried a search for "The Hobbit," which it found in several places, including some that were for free. I tried to download an epub copy, but it failed. Details of why weren't something I understand. 

I also tried converting an existing book from epub to htmlz, though I have no idea if it would use this package, which seemed to work as designed.

There were no issues with installing the update. I performed the above tests again, with the same results, so I guess there are no new regressions.

Validating the OK.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-02-06 22:33:02 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 5 Mageia Robot 2023-02-07 01:08:50 CET
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.