openSUSE has issued an advisory on March 8: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UERV2PU6W5DFFKA4ORZASCPJ2ZDGYTBX/
Flags: (none) => affects_mga9+
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2026-0847
Status comment: (none) => Fixed upstream in 3.9.3
Source RPM: (none) => python-nltk-3.8.1-4.mga10.src.rpm, python-nltk-3.8.1-1.mga9.src.rpm
Our v3.8.1 is 3y old, so an update to v3.9.3 looks overdue!
Assignee: bugsquad => python
I pushed the new version in Cauldron and also submitted it in Mageia 9. Waiting for the builds.
CC: (none) => yves.brungard
Suggested advisory:
========================

The updated package fixes a security vulnerability:

Path Traversal in nltk/nltk. (CVE-2026-0847)

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UERV2PU6W5DFFKA4ORZASCPJ2ZDGYTBX/
========================

Updated package in core/updates_testing:
========================
python3-nltk-3.9.3-1.mga9

from SRPM:
python-nltk-3.9.3-1.mga9.src.rpm
Source RPM: python-nltk-3.8.1-4.mga10.src.rpm, python-nltk-3.8.1-1.mga9.src.rpm => python-nltk-3.8.1-1.mga9.src.rpm
Status comment: Fixed upstream in 3.9.3 => (none)
Flags: affects_mga9+ => (none)
Assignee: python => qa-bugs
Status: NEW => ASSIGNED
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
MGA9-64 server Plasma Wayland on Compaq H000SB. No installation issues. Ref bug 30604, so OK on clean install.
Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene
Flags: (none) => test_passed_mga9_64+
A session according to first page of the project:
python
Python 3.10.18 (main, Dec 8 2025, 12:59:32) [GCC 12.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import nltk
>>> sentence = """At eight o'clock on Thursday morning ... ... Arthur didn't feel very good."""
>>> tokens = nltk.word_tokenize(sentence)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/site-packages/nltk/tokenize/__init__.py", line 142, in word_tokenize
    sentences = [text] if preserve_line else sent_tokenize(text, language)
  File "/usr/lib/python3.10/site-packages/nltk/tokenize/__init__.py", line 119, in sent_tokenize
    tokenizer = _get_punkt_tokenizer(language)
  File "/usr/lib/python3.10/site-packages/nltk/tokenize/__init__.py", line 105, in _get_punkt_tokenizer
    return PunktTokenizer(language)
  File "/usr/lib/python3.10/site-packages/nltk/tokenize/punkt.py", line 1744, in __init__
    self.load_lang(lang)
  File "/usr/lib/python3.10/site-packages/nltk/tokenize/punkt.py", line 1749, in load_lang
    lang_dir = find(f"tokenizers/punkt_tab/{lang}/")
  File "/usr/lib/python3.10/site-packages/nltk/data.py", line 696, in find
    raise LookupError(resource_not_found)
LookupError:
**********************************************************************
  Resource 'punkt_tab' not found.
  Please use the NLTK Downloader to obtain the resource:

  >>> import nltk
  >>> nltk.download('punkt_tab')

  For more information see: https://www.nltk.org/data.html

  Attempted to load 'tokenizers/punkt_tab/english/'

  Searched in:
    - '/home/yves/nltk_data'
    - '/usr/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/local/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/local/lib/nltk_data'
**********************************************************************
>>> sentence = """At eight o'clock on Thursday morning Arthur didn't feel very good."""
>>> tokens = nltk.word_tokenize(sentence)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/site-packages/nltk/tokenize/__init__.py", line 142, in word_tokenize
    sentences = [text] if preserve_line else sent_tokenize(text, language)
  File "/usr/lib/python3.10/site-packages/nltk/tokenize/__init__.py", line 119, in sent_tokenize
    tokenizer = _get_punkt_tokenizer(language)
  File "/usr/lib/python3.10/site-packages/nltk/tokenize/__init__.py", line 105, in _get_punkt_tokenizer
    return PunktTokenizer(language)
  File "/usr/lib/python3.10/site-packages/nltk/tokenize/punkt.py", line 1744, in __init__
    self.load_lang(lang)
  File "/usr/lib/python3.10/site-packages/nltk/tokenize/punkt.py", line 1749, in load_lang
    lang_dir = find(f"tokenizers/punkt_tab/{lang}/")
  File "/usr/lib/python3.10/site-packages/nltk/data.py", line 696, in find
    raise LookupError(resource_not_found)
LookupError:
**********************************************************************
  Resource 'punkt_tab' not found.
  Please use the NLTK Downloader to obtain the resource:

  >>> import nltk
  >>> nltk.download('punkt_tab')

  For more information see: https://www.nltk.org/data.html

  Attempted to load 'tokenizers/punkt_tab/english/'

  Searched in:
    - '/home/yves/nltk_data'
    - '/usr/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/local/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/local/lib/nltk_data'
**********************************************************************
>>> nltk.download('punkt_tab')
[nltk_data] Downloading package punkt_tab to /home/yves/nltk_data...
[nltk_data] Unzipping tokenizers/punkt_tab.zip.
True
>>> tokens = nltk.word_tokenize(sentence)
>>> tokens
['At', 'eight', "o'clock", 'on', 'Thursday', 'morning', 'Arthur', 'did', "n't", 'feel', 'very', 'good', '.']
>>> tagged = nltk.pos_tag(tokens)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/site-packages/nltk/tag/__init__.py", line 168, in pos_tag
    tagger = _get_tagger(lang)
  File "/usr/lib/python3.10/site-packages/nltk/tag/__init__.py", line 110, in _get_tagger
    tagger = PerceptronTagger()
  File "/usr/lib/python3.10/site-packages/nltk/tag/perceptron.py", line 183, in __init__
    self.load_from_json(lang, loc)
  File "/usr/lib/python3.10/site-packages/nltk/tag/perceptron.py", line 281, in load_from_json
    loc = find(f"taggers/averaged_perceptron_tagger_{lang}/")
  File "/usr/lib/python3.10/site-packages/nltk/data.py", line 696, in find
    raise LookupError(resource_not_found)
LookupError:
**********************************************************************
  Resource 'averaged_perceptron_tagger_eng' not found.
  Please use the NLTK Downloader to obtain the resource:

  >>> import nltk
  >>> nltk.download('averaged_perceptron_tagger_eng')

  For more information see: https://www.nltk.org/data.html

  Attempted to load 'taggers/averaged_perceptron_tagger_eng/'

  Searched in:
    - '/home/yves/nltk_data'
    - '/usr/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/local/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/local/lib/nltk_data'
**********************************************************************
>>>
KeyboardInterrupt
>>> tagged = nltk.pos_tag(tokens)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/site-packages/nltk/tag/__init__.py", line 168, in pos_tag
    tagger = _get_tagger(lang)
  File "/usr/lib/python3.10/site-packages/nltk/tag/__init__.py", line 110, in _get_tagger
    tagger = PerceptronTagger()
  File "/usr/lib/python3.10/site-packages/nltk/tag/perceptron.py", line 183, in __init__
    self.load_from_json(lang, loc)
  File "/usr/lib/python3.10/site-packages/nltk/tag/perceptron.py", line 281, in load_from_json
    loc = find(f"taggers/averaged_perceptron_tagger_{lang}/")
  File "/usr/lib/python3.10/site-packages/nltk/data.py", line 696, in find
    raise LookupError(resource_not_found)
LookupError:
**********************************************************************
  Resource 'averaged_perceptron_tagger_eng' not found.
  Please use the NLTK Downloader to obtain the resource:

  >>> import nltk
  >>> nltk.download('averaged_perceptron_tagger_eng')

  For more information see: https://www.nltk.org/data.html

  Attempted to load 'taggers/averaged_perceptron_tagger_eng/'

  Searched in:
    - '/home/yves/nltk_data'
    - '/usr/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/local/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/local/lib/nltk_data'
**********************************************************************
>>> nltk.download('averaged_perceptron_tagger_eng')
[nltk_data] Downloading package averaged_perceptron_tagger_eng to
[nltk_data] /home/yves/nltk_data...
[nltk_data] Unzipping taggers/averaged_perceptron_tagger_eng.zip.
True
>>> tagged = nltk.pos_tag(tokens)
>>> tagged[0:6]
[('At', 'IN'), ('eight', 'CD'), ("o'clock", 'NN'), ('on', 'IN'), ('Thursday', 'NNP'), ('morning', 'NN')]
>>> from nltk.corpus import treebank
>>> t = treebank.parsed_sents('wsj_0001.mrg')[0]
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/nltk/corpus/util.py", line 85, in __load
    root = nltk.data.find(f"{self.subdir}/{zip_name}")
  File "/usr/lib/python3.10/site-packages/nltk/data.py", line 696, in find
    raise LookupError(resource_not_found)
LookupError:
**********************************************************************
  Resource 'treebank' not found.
  Please use the NLTK Downloader to obtain the resource:

  >>> import nltk
  >>> nltk.download('treebank')

  For more information see: https://www.nltk.org/data.html

  Attempted to load 'corpora/treebank.zip/treebank/combined/'

  Searched in:
    - '/home/yves/nltk_data'
    - '/usr/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/local/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/local/lib/nltk_data'
**********************************************************************

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.10/site-packages/nltk/corpus/util.py", line 129, in __getattr__
    self.__load()
  File "/usr/lib/python3.10/site-packages/nltk/corpus/util.py", line 87, in __load
    raise e
  File "/usr/lib/python3.10/site-packages/nltk/corpus/util.py", line 82, in __load
    root = nltk.data.find(f"{self.subdir}/{self.__name}")
  File "/usr/lib/python3.10/site-packages/nltk/data.py", line 696, in find
    raise LookupError(resource_not_found)
LookupError:
**********************************************************************
  Resource 'treebank' not found.
  Please use the NLTK Downloader to obtain the resource:

  >>> import nltk
  >>> nltk.download('treebank')

  For more information see: https://www.nltk.org/data.html

  Attempted to load 'corpora/treebank/combined'

  Searched in:
    - '/home/yves/nltk_data'
    - '/usr/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/share/nltk_data'
    - '/usr/local/share/nltk_data'
    - '/usr/lib/nltk_data'
    - '/usr/local/lib/nltk_data'
**********************************************************************
>>> nltk.download('treebank')
[nltk_data] Downloading package treebank to /home/yves/nltk_data...
[nltk_data] Unzipping corpora/treebank.zip.
True
>>> t = treebank.parsed_sents('wsj_0001.mrg')[0]
>>> t.draw()
---------- A tree is displayed in a window ------------------
Thus, OK
Keywords: (none) => advisory
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2026-0057.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED