SUSE has issued an advisory today (May 22):
https://lists.suse.com/pipermail/sle-security-updates/2023-May/014935.html
The issue is fixed upstream in 2.2.5:
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq
Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 2.2.5
Whiteboard: (none) => MGA8TOO
Assigning to the Python stack maintainers.
Assignee: bugsquad => python
Cauldron updated to 2.3.2
Patch applied to 1.1.2 in Mageia 8:
https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965
python3-flask-1.1.2-1.1.mga8
Src: python-flask-1.1.2-1.1.mga8
CC: (none) => yves.brungard_mageia
Version: Cauldron => 8
Assignee: python => qa-bugs
Status comment: Fixed upstream in 2.2.5 => (none)
MGA8-64 MATE on Acer Aspire 5253.
No installation issues. No wiki, no previous updates.
Tried to find some dependent package that I have any feeling for and found pgadmin4. Launched that one under trace and operated it a little. Found no refs to python3-flask (to other python3, loads of them). This is a developers' area, so OK on clean install as with others, since nothing seems to suffer from this update.
Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
CC: (none) => herman.viaene
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA8TOO MGA8-64-OK => MGA8-64-OK
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0193.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED