Ubuntu has issued an advisory on September 5: https://ubuntu.com/security/notices/USN-6991-1
Fix: https://github.com/aio-libs/aiohttp/commit/9118a5831e8a65b8c839eb7e4ac983e040ff41df
Status comment: (none) => Fixed upstream in 3.9.2 and patch available from uptreamSource RPM: (none) => python-aiohttp-3.8.3-3.1.mga9.src.rpmCVE: (none) => CVE-2024-23334
Assigning to our Python Stack Maintainers, CC'ing our registered maintainer.
URL: (none) => https://ubuntu.com/security/notices/USN-6991-1CC: (none) => marja11, pterjanAssignee: bugsquad => python
SUSE has issued an advisory on November 27: https://lists.suse.com/pipermail/sle-security-updates/2024-November/019855.html
Status comment: Fixed upstream in 3.9.2 and patch available from uptream => Fixed upstream in 3.10.11 and patch available from uptreamSummary: python-aiohttp new security issue CVE-2024-23334 => python-aiohttp new security issues CVE-2024-23334 and CVE-2024-52304Source RPM: python-aiohttp-3.8.3-3.1.mga9.src.rpm => python-aiohttp-3.10.10-1.mga10.src.rpm, python-aiohttp-3.8.3-3.1.mga9.src.rpmCVE: CVE-2024-23334 => CVE-2024-23334, CVE-2024-52304Whiteboard: (none) => MGA9TOOVersion: 9 => Cauldron
Fixed in Cauldron with 3.11.9 version
Source RPM: python-aiohttp-3.10.10-1.mga10.src.rpm, python-aiohttp-3.8.3-3.1.mga9.src.rpm => python-aiohttp-3.8.3-3.1.mga9.src.rpmVersion: Cauldron => 9Whiteboard: MGA9TOO => (none)CC: (none) => yvesbrungard
Submitting: SRPMS: python-aiohttp-3.8.3-3.2.mga9 RPMS: python3-aiohttp+speedups-3.8.3-3.2.mga9 python3-aiohttp-3.8.3-3.2.mga9
Status comment: Fixed upstream in 3.10.11 and patch available from uptream => (none)QA Contact: security => qa-bugs
QA Contact: qa-bugs => securityAssignee: python => qa-bugs
Keywords: (none) => advisory
RH x86_64 LC_ALL=C urpmi --auto --auto-update medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Nonfree 32bit Updates (distrib37)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing python3-aiohttp+speedups-3.8.3-3.2.mga9.x86_64.rpm python3-aiohttp-3.8.3-3.2.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/2: python3-aiohttp ################################################################################################## 2/2: python3-aiohttp+speedups ################################################################################################## 1/2: removing python3-aiohttp+speedups-3.8.3-3.1.mga9.x86_64 ################################################################################################## 2/2: removing python3-aiohttp-3.8.3-3.1.mga9.x86_64 ################################################################################################## Reference bug#28490 python3 aio_http_server.py ======== Running on http://0.0.0.0:8080 ======== (Press CTRL+C to quit) In other terminal python3 aio_http_client.py Status: 200 Content-type: text/html; charset=utf-8 Body: <!doctype html> ... Open in the browser http://0.0.0.0:8080 Hello, Anonymous Looks good consistent also with previous update bug#33174
Whiteboard: (none) => MGA9-64-OKCC: (none) => andrewsfarm
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0388.html
Status: NEW => RESOLVEDResolution: (none) => FIXED