Bug 31763 - python-flask-restx new security issues fixed upstream in 1.1.0
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-04-05 02:51 CEST by David Walser
Modified: 2023-04-15 21:05 CEST

See Also:
Source RPM: python-flask-restx-0.5.1-1.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2023-04-05 02:51:46 CEST
Fedora has issued an advisory on April 1:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AZVWMLO633IKUEQYVR6WOLOCGPLCSHOX/

Version 1.1.0 fixes unspecified security issues:
https://github.com/python-restx/flask-restx/releases/tag/1.1.0

Mageia 8 is also affected.

David Walser 2023-04-05 02:51:58 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 Marja Van Waes 2023-04-05 17:50:52 CEST
Assigning to our Python stack maintainers.

CC: (none) => marja11
Assignee: bugsquad => python

Comment 2 papoteur 2023-04-06 09:02:10 CEST
1.1.0 is building for cauldron.

CC: (none) => yves.brungard_mageia

Comment 3 papoteur 2023-04-06 09:19:22 CEST
This new version requires python-werkzeug > 2, but we have 1.0.1 in Mageia 8.
Should we update it too? This is probably the whole flask stack which uses it.

Comment 4 David Walser 2023-04-06 14:20:31 CEST
Probably, we'll just have to be careful about anything that depends on werkzeug.

Comment 5 papoteur 2023-04-07 15:52:51 CEST
python3-flask-restx-1.1.0-1.mga8.noarch.rpm is now built.
There is no change in the dependency on python-werkzeug, which should only be different from 2.0.0; this is badly translated in the requirements.

Assignee: python => qa-bugs
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)

Comment 6 David Walser 2023-04-07 17:36:47 CEST
SRPM:
python-flask-restx-1.1.0-1.mga8

Source RPM: python-flask-restx-0.5.1-3.mga9.src.rpm => python-flask-restx-0.5.1-1.mga8.src.rpm

Comment 7 Herman Viaene 2023-04-11 15:18:05 CEST
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Ref bug 29509 OK on clean install.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 8 Thomas Andrews 2023-04-11 20:04:50 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-04-15 19:08:00 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 9 Mageia Robot 2023-04-15 21:05:26 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0142.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

