Bug 35314 - python-nltk new security issue CVE-2026-33230
Summary: python-nltk new security issue CVE-2026-33230
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2026-04-02 15:51 CEST by Nicolas Salguero
Modified: 2026-04-06 19:36 CEST (History)
3 users (show)

See Also:
Source RPM: python-nltk-3.9.3-1.mga9.src.rpm
CVE: CVE-2026-33230
Status comment:
herman.viaene: test_passed_mga9_64+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2026-04-02 15:51:53 CEST 
openSUSE has issued an advisory on April 1:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/Z36Q44HZY76RE7YZX5B55777UQB6MPEI/
Nicolas Salguero 2026-04-02 15:53:08 CEST

Source RPM: (none) => python-nltk-3.9.3-1.mga10.src.rpm, python-nltk-3.9.3-1.mga9.src.rpm
CVE: (none) => CVE-2026-33230
Whiteboard: (none) => MGA9TOO
Flags: (none) => affects_mga9+
Status comment: (none) => Fixed upstream in 3.9.4

Comment 1 Nicolas Salguero 2026-04-02 16:00:11 CEST 
For Cauldron, I asked for a freeze move.


Suggested advisory:
========================

The updated package fixes a security vulnerability:

nltk Vulnerable to Cross-site Scripting. (CVE-2026-33230)

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/Z36Q44HZY76RE7YZX5B55777UQB6MPEI/
========================

Updated package in core/updates_testing:
========================
python3-nltk-3.9.4-1.mga9

from SRPM:
python-nltk-3.9.4-1.mga9.src.rpm

Status: NEW => ASSIGNED
Status comment: Fixed upstream in 3.9.4 => (none)
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Flags: affects_mga9+ => (none)
Assignee: bugsquad => qa-bugs
Source RPM: python-nltk-3.9.3-1.mga10.src.rpm, python-nltk-3.9.3-1.mga9.src.rpm => python-nltk-3.9.3-1.mga9.src.rpm

katnatek 2026-04-03 03:36:38 CEST

Keywords: (none) => advisory

Comment 2 Herman Viaene 2026-04-03 15:24:43 CEST 
MGA9-64 server Plasma Wayland on Compaq H000SB.
No installation issues.
Ref bug 30604, so OK on clean install.

Whiteboard: (none) => MGA9-64-OK
Flags: (none) => test_passed_mga9_64+
CC: (none) => herman.viaene

Comment 3 Thomas Andrews 2026-04-04 23:37:32 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 4 Mageia Robot 2026-04-06 19:36:44 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0082.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.