ReportLab 3.6.13 has been released on April 27, fixing a security issue:
https://docs.reportlab.com/releases/notes/whats-new-3613/

The full list of changes in 3.6.x is here:
https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md

Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
No one packager evident for python-reportlab, so assigning this to the python group.
Assignee: bugsquad => python
Cauldron and Mageia 8 updated in testing with 3.6.13 release.

RPMs:
python-reportlab-docs-3.6.13-1.mga8
python3-reportlab-3.6.13-1.mga8

Source:
python-reportlab-3.6.13-1.mga8
Assignee: python => qa-bugs
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
CC: (none) => yves.brungard_mageia
MGA8-64 MATE on Acer Aspire 5253. No installation issues. Ref bug for testing: installed ocrfeeder under strace, opened a jpg file and exported to an odt file. Trace shows refs to reportlab. OK for me.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0186.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
This is CVE-2023-33733: https://www.bleepingcomputer.com/news/security/exploit-released-for-rce-flaw-in-popular-reportlab-pdf-library/
Summary: python-reportlab new security issue fixed upstream in 3.6.13 => python-reportlab new security issue fixed upstream in 3.6.13 (CVE-2023-33733)