Bug 31667 - python-owslib new security issue CVE-2023-27476
Summary: python-owslib new security issue CVE-2023-27476
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8-64-OK
Keywords: validated_update
Depends on:
Reported: 2023-03-14 02:49 CET by David Walser
Modified: 2023-03-18 20:51 CET

See Also:
Source RPM: python-owslib-0.25.0-2.mga9.src.rpm
Status comment:


Description David Walser 2023-03-14 02:49:43 CET
Fedora has issued an advisory today (March 13):

The issue is fixed upstream in 0.28.1:

Mageia 8 is also affected.
David Walser 2023-03-14 02:49:56 CET

Status comment: (none) => Fixed upstream in 0.28.1
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2023-03-14 20:13:11 CET
Think this is OK to assign to daviddavid, registered packager for python-owslib.

Assignee: bugsquad => geiger.david68210

Comment 2 David GEIGER 2023-03-14 20:35:09 CET
Done for both mga8 and Cauldron!

Freeze_move requested for Cauldron!
Comment 3 David Walser 2023-03-15 01:59:34 CET
Mageia 8 update:

from python-owslib-0.28.1-1.mga8.src.rpm

Cauldron pending freeze move.
Comment 4 David GEIGER 2023-03-17 02:52:21 CET
Assigning to QA

Assignee: geiger.david68210 => qa-bugs

David Walser 2023-03-17 02:54:51 CET

CC: (none) => geiger.david68210
Status comment: Fixed upstream in 0.28.1 => (none)
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 5 Len Lawrence 2023-03-18 20:31:20 CET
Mageia8, x86_64

Installed the release version of the package and qgis, which is the only major package which depends on it. qgis appears to be a framework for the development of specialised web-based maps and services involving geolocation and other resources.

The qgis interface launched OK.
Updated the package and checked qgis again.
It launches and shows a news panel and a template panel from which new projects can be developed.

There is little more that can be done with this without a wider knowledge of the subject but it looks useable.  Giving this the go-ahead.

CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK

Comment 6 Thomas Andrews 2023-03-18 20:51:53 CET

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
