Fedora has issued an advisory on June 21:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ375SF7FQYZCXBVGMYYQXBL5RK5ORGD/
Fixed by: https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b (v78.1.1)
Status comment: (none) => Patch available from Fedora and upstream
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => python-setuptools-65.5.0-3.1.mga9.src.rpm
CVE: (none) => CVE-2025-47273
Fix URL given; over to Python.
Assignee: bugsquad => python
Suggested advisory:
========================
The updated packages fix a security vulnerability:
Setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write. (CVE-2025-47273)
References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ375SF7FQYZCXBVGMYYQXBL5RK5ORGD/
========================
Updated packages in core/updates_testing:
========================
python-setuptools-wheel-65.5.0-3.2.mga9
python3-setuptools-65.5.0-3.2.mga9
from SRPM:
python-setuptools-65.5.0-3.2.mga9.src.rpm
Status: NEW => ASSIGNED
Status comment: Patch available from Fedora and upstream => (none)
Assignee: python => qa-bugs
Whiteboard: MGA9TOO => (none)
MGA9-64 Plasma.
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "QA Testing (64-bit)")
  python-setuptools-wheel        65.5.0       3.2.mga9      noarch
  python3-setuptools             65.5.0       3.2.mga9      noarch
269B of additional disk space will be used.
1.9MB of packages will be retrieved.
Proceed with the installation of the 2 packages? (Y/n)
installing python3-setuptools-65.5.0-3.2.mga9.noarch.rpm python-setuptools-wheel-65.5.0-3.2.mga9.noarch.rpm from //home/tom/qa-testing/x86_64
Preparing... ######################################################################################################################################################
1/2: python-setuptools-wheel ######################################################################################################################################################
2/2: python3-setuptools ######################################################################################################################################################
1/2: removing python-setuptools-wheel-65.5.0-3.1.mga9.noarch ######################################################################################################################################################
2/2: removing python3-setuptools-65.5.0-3.1.mga9.noarch ######################################################################################################################################################
A clean update was sufficient for bug 31421, so it's good enough here. Validating.
Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2025-0288.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED