Bug 31745 - python-markdown-it-py new security issue CVE-2023-26302
Summary: python-markdown-it-py new security issue CVE-2023-26302
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Python Stack Maintainers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-03-30 23:41 CEST by David Walser
Modified: 2023-04-03 13:59 CEST (History)
3 users (show)

See Also:
Source RPM: python-markdown-it-py-2.1.0-1.mga9.src.rpm
CVE:
Status comment: Fixed upstream in 2.2.0

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-03-30 23:41:42 CEST 
Fedora has issued an advisory today (March 30):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WKDHZWDWILHZQ2GUZZ7CGBO6FVO46OLX/

The issue is fixed upstream in 2.2.0.

Mageia 8 is also affected.
David Walser 2023-03-30 23:41:53 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 2.2.0

Comment 1 Marja Van Waes 2023-04-02 10:56:30 CEST 
Assigning to the Python stack maintainers, CC'ing the registered maintainer

CC: (none) => makowski.mageia, marja11
Assignee: bugsquad => python

Comment 2 papoteur 2023-04-02 13:32:48 CEST 
This package doesn't exist in Mageia 8.
It's building in 2.2.0 for cauldron.

CC: (none) => yves.brungard_mageia
Whiteboard: MGA8TOO => (none)

Comment 3 papoteur 2023-04-03 13:59:38 CEST 
The package is built and moved in Core

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.