Ubuntu has issued an advisory on July 3: https://ubuntu.com/security/notices/USN-7612-1
CVE: (none) => CVE-2024-1681, CVE-2024-6221, CVE-2024-6839, CVE-2024-6844, CVE-2024-6866
Status comment: (none) => Patches available from Ubuntu
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => python-flask-cors-5.0.0-4.mga10.src.rpm, python-flask-cors-3.0.10-1.mga9.src.rpm
Assigning to the registered maintainer, CC'ing the Python Stack maintainers.
Assignee: bugsquad => cooker
CC: (none) => marja11, python
Suggested advisory:
========================

The updated package fixes security vulnerabilities:

Log Injection Vulnerability in corydolphin/flask-cors. (CVE-2024-1681)
Improper Access Control in corydolphin/flask-cors. (CVE-2024-6221)
Improper Regex Path Matching in corydolphin/flask-cors. (CVE-2024-6839)
Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors. (CVE-2024-6844)
Case-Insensitive Path Matching in corydolphin/flask-cors. (CVE-2024-6866)

References:
https://ubuntu.com/security/notices/USN-7612-1
========================

Updated package in core/updates_testing:
========================
python3-flask-cors-3.0.10-1.1.mga9

from SRPM:
python-flask-cors-3.0.10-1.1.mga9.src.rpm
Version: Cauldron => 9
Status comment: Patches available from Ubuntu => (none)
Status: NEW => ASSIGNED
Assignee: cooker => qa-bugs
Source RPM: python-flask-cors-5.0.0-4.mga10.src.rpm, python-flask-cors-3.0.10-1.mga9.src.rpm => python-flask-cors-3.0.10-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)
Keywords: (none) => advisory
LC_ALL=C urpmi python3-flask-cors
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "QA Testing (64-bit)")
  python3-flask-cors             3.0.10       1.1.mga9      noarch
(medium "Core Release")
  python3-blinker                1.6.2        1.mga9        noarch
  python3-click                  8.1.3        1.mga9        noarch
  python3-flask                  2.3.2        1.mga9        noarch
  python3-itsdangerous           2.1.2        1.mga9        noarch
(medium "Core Updates")
  python3-werkzeug               3.0.6        1.mga9        noarch
3.2MB of additional disk space will be used.
763KB of packages will be retrieved.
Proceed with the installation of the 6 packages? (Y/n) y

    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-flask-2.3.2-1.mga9.noarch.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-click-8.1.3-1.mga9.noarch.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-itsdangerous-2.1.2-1.mga9.noarch.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python3-blinker-1.6.2-1.mga9.noarch.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/python3-werkzeug-3.0.6-1.mga9.noarch.rpm
installing /var/cache/urpmi/rpms/python3-flask-2.3.2-1.mga9.noarch.rpm /var/cache/urpmi/rpms/python3-click-8.1.3-1.mga9.noarch.rpm /var/cache/urpmi/rpms/python3-werkzeug-3.0.6-1.mga9.noarch.rpm /var/cache/urpmi/rpms/python3-itsdangerous-2.1.2-1.mga9.noarch.rpm //home/katnatek/qa-testing/x86_64/python3-flask-cors-3.0.10-1.1.mga9.noarch.rpm /var/cache/urpmi/rpms/python3-blinker-1.6.2-1.mga9.noarch.rpm
Preparing...                     ####################################################################################################
      1/6: python3-blinker       ####################################################################################################
      2/6: python3-itsdangerous  ####################################################################################################
      3/6: python3-werkzeug      ####################################################################################################
      4/6: python3-click         ####################################################################################################
      5/6: python3-flask         ####################################################################################################
      6/6: python3-flask-cors    ####################################################################################################

urpmq --whatrequires python3-flask-cors
openlp
openlp
python3-flask-cors

urpmq -pi openlp
Name        : openlp
Version     : 3.0.2
Release     : 1.mga9
Group       : Publishing
Size        : 19411579
Architecture: noarch
Source RPM  : openlp-3.0.2-1.mga9.src.rpm
URL         : https://openlp.org/
Summary     : Open source Church presentation and lyrics projection application
Description :
openlp is a church presentation software, for lyrics projection software,
used to display slides of Songs, Bible verses, videos, images, and
presentations via LibreOffice using a computer and projector.

I don't know how openlp works, so I am leaving it at a clean install.
Whiteboard: (none) => MGA9-64-OK
I don't have a projector for my computer, either. Clean install will have to be close enough. Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0286.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED