openSUSE has issue an advisory on August 19: https://lists.suse.com/pipermail/sle-security-updates/2024-August/019276.html Upstream fix: https://github.com/Pylons/webob/commit/f689bcf4f0a1f64f1735b1d5069aef5be6974b5b
Status comment: (none) => Fixed upstream in 1.8.8 and patch available from upstream and openSUSECVE: (none) => CVE-2024-42353Whiteboard: (none) => MGA9TOOSource RPM: (none) => python-webob-1.8.7-5.mga10.src.rpm
Assigning to the Python Stack maintainers, CC'ing the registered maintainer.
Assignee: bugsquad => pythonURL: (none) => https://lists.suse.com/pipermail/sle-security-updates/2024-August/019276.htmlCC: (none) => makowski.mageia, marja11
Fixed both mga9 and Cauldron! Assigning to QA, Packages in 9/Core/Updates_testing: ====================== python3-webob-1.8.8-1.mga9.noarch.rpm From SRPMS: python3-webob-1.8.8-1.mga9.src.rpm
CC: (none) => geiger.david68210Assignee: python => qa-bugs
Whiteboard: MGA9TOO => (none)Source RPM: python-webob-1.8.7-5.mga10.src.rpm => python-webobVersion: Cauldron => 9
Source RPM: python-webob => python3-webob
Keywords: (none) => advisory
RH x86_64 LC_ALL=C urpmi --auto --auto-update updated medium "QA Testing (64-bit)" medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing python3-webob-1.8.8-1.mga9.noarch.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/1: python3-webob ################################################################################################## 1/1: removing python3-webob-1.8.7-4.mga9.noarch ################################################################################################## Not sure how to test the issue neither how to test the packages requiring this urpmq --whatrequires python3-webob|uniq mnemosyne openlp python3-osprofiler python3-pecan python3-pyramid python3-routes python3-webob python3-webtest python3-wsme Requiring you view on this Thomas
CC: (none) => andrewsfarm
The recursive list isn't much more help: ceph-mgr mnemosyne openlp pyff python3-osprofiler python3-pecan python3-pyramid python3-routes python3-webob python3-webtest python3-wsme After looking at descriptions in drakrpm, and a couple of places on the web, this looks to be a bit beyond QA. OKing and validating based on the clean install.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA9-64-OKCC: (none) => sysadmin-bugs
The .adv file is missing the packages.
CC: (none) => dan
(In reply to Dan Fandrich from comment #5) > The .adv file is missing the packages. Fixed
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0308.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED