FEDORA-2019-1f17485159

security update in Fedora 29 for python-mitogen

Status: stable a month ago

Latest upstream 0.2.8

How to install

sudo dnf upgrade --advisory=FEDORA-2019-1f17485159

Comments 10

This update has been submitted for testing by carlwgeorge.

This update's test gating status has been changed to 'waiting'.

This update's test gating status has been changed to 'ignored'.

Hello carlwgeorge, thank you for your efforts! Are you sure this is a security update? According to NVD:

CVE-2019-15149: DISPUTED core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism.

Yes, I saw that it was disputed, which is why I set the severity as low. "exploitable only in conjunction with hypothetical other factors" still sounds like a vulnerability to me, even if the probability of exploit is low.

This update has been pushed to testing.

This update can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: low
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Enabled
Autopush (time): Enabled
Dates: submitted 2 months ago; in testing 2 months ago; in stable a month ago

Related Bugs 1

#1743124 CVE-2019-15149 python-mitogen: mitogen: security bypass in core.py [fedora-all]
