ReportLab 3.6.13 has been released on April 27, fixing a security issue:
The full list of changes in 3.6.x is here:
Mageia 8 is also affected.
No one packager evident for python-reportlab, so assigning this to the python group.
Cauldron and Mageia 8 updated in testing with 3.6.13 release.
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Ref bug for testing: installed ocrfeeder under strace, opened an jpg file and exported to an odt file. Trace shows refs to reportlab.
OK for me.
An update for this issue has been pushed to the Mageia Updates repository.
This is CVE-2023-33733:
python-reportlab new security issue fixed upstream in 3.6.13 =>
python-reportlab new security issue fixed upstream in 3.6.13 (CVE-2023-33733)