FEDORA-2019-1f17485159 created by carlwgeorge 8 months ago for Fedora 29
stable

Latest upstream 0.2.8

How to install

sudo dnf upgrade --advisory=FEDORA-2019-1f17485159

This update has been submitted for testing by carlwgeorge.

8 months ago

This update's test gating status has been changed to 'waiting'.

8 months ago

This update's test gating status has been changed to 'ignored'.

8 months ago
User Icon sreuter commented & provided feedback 8 months ago

hello carlwgeorge, thank you for your efforts! are you sure this is a security update? According to nvd

CVE-2019-15149: DISPUTED core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism.

User Icon carlwgeorge commented & provided feedback 8 months ago

Yes, I saw that it was disputed, which is why I set the severity as low. "exploitable only in conjunction with hypothetical other factors" still sounds like a vulnerability to me, even if the probability of exploit is low.

User Icon sreuter commented & provided feedback 8 months ago

ok, thank you!

This update has been pushed to testing.

8 months ago

This update can be pushed to stable now if the maintainer wishes

7 months ago

This update has been submitted for stable by bodhi.

7 months ago

This update has been pushed to stable.

7 months ago

Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
8 months ago
in testing
8 months ago
in stable
7 months ago
BZ#1743124 CVE-2019-15149 python-mitogen: mitogen: security bypass in core.py [fedora-all]
0
0

Automated Test Results