openSUSE has issued an advisory on June 13: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RRNRD64XAZJHFLB6MHKCGUBBVTIA3E7V/ The fix is: https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8 Mageia 9 is also affected.
Whiteboard: (none) => MGA9TOOCVE: (none) => CVE-2024-5206Source RPM: (none) => python-scikit-learn-1.4.2-2.mga10.src.rpmStatus comment: (none) => Fixed upstream in 1.5.0 and patch available from openSUSE and upstream
Note also the fixed new version 1.5.0. To Python stack maintainers.
Assignee: bugsquad => python
Done for both mga9 and Cauldron adding security patch!
CC: (none) => geiger.david68210Version: Cauldron => 9Whiteboard: MGA9TOO => (none)
Assigning to QA, Packages in 9/Core/Updates_testing: ====================== python3-scikit-learn-1.1.2-2.1.mga9 From SRPMS: python-scikit-learn-1.1.2-2.1.mga9.src.rpm
Assignee: python => qa-bugs
Keywords: (none) => advisory
RH mageia 9 x86_64 The basic Install current version/update/remove test LC_ALL=C urpmi python3-scikit-learn To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Core Release (distrib1)") python3-joblib 1.2.0 1.mga9 noarch python3-numpy-f2py 1.24.3 1.mga9 x86_64 python3-scikit-learn 1.1.2 2.mga9 x86_64 python3-threadpoolctl 3.1.0 1.mga9 noarch (medium "Core Updates (distrib3)") lib64python3-devel 3.10.11 1.2.mga9 x86_64 lib64python3.10-testsuite 3.10.11 1.2.mga9 x86_64 (recommended) python3-docs 3.10.11 1.2.mga9 noarch (recommended) python3-scipy 1.9.1 2.1.mga9 x86_64 tkinter3 3.10.11 1.2.mga9 x86_64 (recommended) 227MB of additional disk space will be used. 44MB of packages will be retrieved. Proceed with the installation of the 9 packages? (Y/n) y https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-scikit-learn-1.1.2-2.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-numpy-f2py-1.24.3-1.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-threadpoolctl-3.1.0-1.mga9.noarch.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-joblib-1.2.0-1.mga9.noarch.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/python3-scipy-1.9.1-2.1.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/lib64python3-devel-3.10.11-1.2.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/tkinter3-3.10.11-1.2.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/python3-docs-3.10.11-1.2.mga9.noarch.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/lib64python3.10-testsuite-3.10.11-1.2.mga9.x86_64.rpm installing lib64python3.10-testsuite-3.10.11-1.2.mga9.x86_64.rpm python3-numpy-f2py-1.24.3-1.mga9.x86_64.rpm python3-joblib-1.2.0-1.mga9.noarch.rpm python3-threadpoolctl-3.1.0-1.mga9.noarch.rpm python3-scipy-1.9.1-2.1.mga9.x86_64.rpm python3-docs-3.10.11-1.2.mga9.noarch.rpm tkinter3-3.10.11-1.2.mga9.x86_64.rpm lib64python3-devel-3.10.11-1.2.mga9.x86_64.rpm python3-scikit-learn-1.1.2-2.mga9.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ################################################################################################## 1/9: tkinter3 ################################################################################################## 2/9: lib64python3.10-testsuite ################################################################################################## 3/9: python3-docs ################################################################################################## 4/9: lib64python3-devel ################################################################################################## 5/9: python3-numpy-f2py ################################################################################################## 6/9: python3-scipy ################################################################################################## 7/9: python3-threadpoolctl ################################################################################################## 8/9: python3-joblib ################################################################################################## 9/9: python3-scikit-learn ################################################################################################## LC_ALL=C urpmi --auto --auto-update medium "QA Testing (32-bit)" is up-to-date updated medium "QA Testing (64-bit)" medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing python3-scikit-learn-1.1.2-2.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/1: python3-scikit-learn ################################################################################################## 1/1: removing python3-scikit-learn-1.1.2-2.mga9.x86_64 ################################################################################################## LC_ALL=C urpme python3-scikit-learn removing python3-scikit-learn-1.1.2-2.1.mga9.x86_64 removing package python3-scikit-learn-1.1.2-2.1.mga9.x86_64 1/1: removing python3-scikit-learn-1.1.2-2.1.mga9.x86_64 ################################################################################################## The following packages: lib64python3-devel-3.10.11-1.2.mga9.x86_64 lib64python3.10-testsuite-3.10.11-1.2.mga9.x86_64 python3-docs-3.10.11-1.2.mga9.noarch python3-joblib-1.2.0-1.mga9.noarch python3-numpy-f2py-1.24.3-1.mga9.x86_64 python3-scipy-1.9.1-2.1.mga9.x86_64 python3-threadpoolctl-3.1.0-1.mga9.noarch tkinter3-3.10.11-1.2.mga9.x86_64 are now orphaned, if you wish to remove them, you can use "urpme --auto-orphans" LC_ALL=C urpme --auto-orphans --auto removing lib64python3-devel-3.10.11-1.2.mga9.x86_64 lib64python3.10-testsuite-3.10.11-1.2.mga9.x86_64 python3-docs-3.10.11-1.2.mga9.noarch python3-joblib-1.2.0-1.mga9.noarch python3-numpy-f2py-1.24.3-1.mga9.x86_64 python3-scipy-1.9.1-2.1.mga9.x86_64 python3-threadpoolctl-3.1.0-1.mga9.noarch tkinter3-3.10.11-1.2.mga9.x86_64 removing package python3-scipy-1.9.1-2.1.mga9.x86_64 1/8: removing python3-scipy-1.9.1-2.1.mga9.x86_64 ################################################################################################## removing package python3-numpy-f2py-1:1.24.3-1.mga9.x86_64 2/8: removing python3-numpy-f2py-1:1.24.3-1.mga9.x86_64 ################################################################################################## removing package python3-threadpoolctl-3.1.0-1.mga9.noarch 3/8: removing python3-threadpoolctl-3.1.0-1.mga9.noarch ################################################################################################## removing package python3-joblib-1.2.0-1.mga9.noarch 4/8: removing python3-joblib-1.2.0-1.mga9.noarch ################################################################################################## removing package lib64python3-devel-3.10.11-1.2.mga9.x86_64 5/8: removing lib64python3-devel-3.10.11-1.2.mga9.x86_64 ################################################################################################## removing package python3-docs-3.10.11-1.2.mga9.noarch 6/8: removing python3-docs-3.10.11-1.2.mga9.noarch ################################################################################################## removing package lib64python3.10-testsuite-3.10.11-1.2.mga9.x86_64 7/8: removing lib64python3.10-testsuite-3.10.11-1.2.mga9.x86_64 ################################################################################################## removing package tkinter3-3.10.11-1.2.mga9.x86_64 8/8: removing tkinter3-3.10.11-1.2.mga9.x86_64 ################################################################################################## Feel free to provide other test if you can
MGA9-64 Plasma Wayland on HP-Pavillion No installation issues This is python development stuff and the subject is way over my head (anyone got any better??), so as in previous such cases OK on clean install and no obvious repercussions on my system.
Whiteboard: (none) => MGA9-64-OKCC: (none) => herman.viaene
Time to call to the boss
CC: (none) => andrewsfarm
This package is required by orange, a complex data mining and analysis program. There are many multi-part videos on Youtube on "getting started" with orange, showing just how complex it is. In Bug 30956, Herman attempted to use orange to test another component, and wound up sending that component on with a clean install. I think we can do that here, too. Validating.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0228.html
Status: NEW => RESOLVEDResolution: (none) => FIXED