Debian-LTS has issued an advisory on February 21: https://www.debian.org/lts/security/2023/dla-3331 The issue is fixed upstream in 39.0.1: https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r I'm wondering if the python-crypto package is affected, as it has the same version as the Debian-LTS package that was patched in their advisory. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 39.0.1
Whiteboard: (none) => MGA8TOO
Assigning to Python stack maintainers.
Assignee: bugsquad => python
Pushed python-cryptography-3.3.1-1.2.mga8 to mga8 core/updates_testing with backported upstream patch to fix the issue.
SRPMS: python-cryptography-3.3.1-1.2.mga8
RPMS: python3-cryptography-3.3.1-1.2.mga8
CC: (none) => jani.valimaa
Pushed python-cryptography-39.0.1-1.mga9 to cauldron.
Source RPM: python-cryptography-39.0.0-1.mga9.src.rpm => python-cryptography-3.3.1-1.1.mga8
Version: Cauldron => 8
Assignee: python => qa-bugs
Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 39.0.1 => (none)
MGA8-64 Plasma VirtualBox guest. No installation issues. Referenced Bug 28384 and others for test procedure:
$ python -c 'import cryptography;print(cryptography.__version__)'
3.3.1
$ python3 -c 'import cryptography;print(cryptography.__version__)'
3.3.1
Looks good here. OKing and validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0071.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED