SUSE has issued an advisory today (January 26):
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013536.html

Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ELXQR2N4BOTGP4YQAZGZJDQMETKR6DWY/
Removing Mageia 8 from whiteboard due to EOL!
Whiteboard: MGA8TOO => MGA9TOO
CC: (none) => geiger.david68210
Suggested advisory:
========================

The updated package fixes a security vulnerability:

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. (CVE-2022-42969)

References:
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013536.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ELXQR2N4BOTGP4YQAZGZJDQMETKR6DWY/
========================

Updated package in core/updates_testing:
========================
python3-py-1.11.0-2.1.mga9

from SRPM:
python-py-1.11.0-2.1.mga9.src.rpm
Assignee: python => qa-bugs
CVE: (none) => CVE-2022-42969
CC: (none) => nicolas.salguero
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Status: NEW => ASSIGNED
MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
As stated in bug 28020 Comment 4: python-py is a development support library. So as with others of that calibre, giving OK on clean install.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2025-0289.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED