Latest upstream 0.2.8
sudo dnf upgrade --advisory=FEDORA-2019-1f17485159
This update has been submitted for testing by carlwgeorge.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
hello carlwgeorge, thank you for your efforts!
are you sure this is a security update? According to nvd
CVE-2019-15149: DISPUTED core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism.
Yes, I saw that it was disputed, which is why I set the severity as low. "exploitable only in conjunction with hypothetical other factors" still sounds like a vulnerability to me, even if the probability of exploit is low.
ok, thank you!
This update has been pushed to testing.
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by bodhi.
This update has been pushed to stable.
Please login to add feedback.
Confirm request to re-trigger tests.
Copyright © 2007-2019 Red Hat, Inc. and
bodhi is Free Software.
if you have any problems. Read the documentation.