openSUSE issued an advisory on April 26:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/T3JUAVTE5DCLOJLFBSIK3OPDOUIF7BMB/
According to Debian, the commit that solves the problem is:
https://github.com/benoitc/gunicorn/commit/ac29c9b0a758d21f1e0fb3b3457239e523fa9f1d
That commit is included in version 22.0.0.
Mageia 9 is also affected.
Source RPM: (none) => python-gunicorn-21.2.0-2.mga10.src.rpm
CVE: (none) => CVE-2024-1135
Whiteboard: (none) => MGA9TOO
Status comment: (none) => Fixed upstream in 22.0.0 and patch available from upstream
Assigning to Python people.
Assignee: bugsquad => python
Updated in cauldron
Submitting:
SRPMS: python-gunicorn-22.0.0-1.mga9
RPMS: python3-gunicorn-22.0.0-1.mga9.noarch
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Status comment: Fixed upstream in 22.0.0 and patch available from upstream => (none)
CC: (none) => yvesbrungard
Assignee: python => qa-bugs
Keywords: (none) => advisory
RH mageia 9 x86_64
The usual "I don't know how to test": install current, update to testing.

LC_ALL=C urpmi python3-gunicorn
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-gunicorn-20.1.0-3.mga9.noarch.rpm
installing python3-gunicorn-20.1.0-3.mga9.noarch.rpm from /var/cache/urpmi/rpms
Preparing... ##################################################################################################
1/1: python3-gunicorn ##################################################################################################

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing python3-gunicorn-22.0.0-1.mga9.noarch.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: python3-gunicorn ##################################################################################################

Feel free to provide/suggest other tests; no previous rounds of this package.
Installed on my RPI-aarch64. Restart a gunicorn service, serving madb. All seems OK.
(In reply to papoteur from comment #4)
> Installed on my RPI-aarch64.
> Restart a gunicorn service, serving madb.
> All seems OK.

I guess this counts as real case use, giving OK.
CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK
Validating.
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0236.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED