Bug 2196183 (CVE-2023-27043)
| Summary: | CVE-2023-27043 python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sandipan Roy <saroy> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | cstratak, gsuckevi, hhorak, jorton, lbalhar, lmlikith, python-maint, sbalasub |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2196184, 2196185, 2196186, 2196187, 2196188, 2196190, 2196191, 2196192, 2196193, 2196194, 2196200, 2196201, 2196202, 2196203, 2196204, 2196205, 2196206, 2196207, 2196208, 2196209, 2196210, 2196211, 2196212 | ||
| Bug Blocks: | 2193413 | ||
|
Description
Sandipan Roy
2023-05-08 09:20:38 UTC
Created mingw-python3 tracking bugs for this issue: Affects: fedora-all [bug 2196185] Created python2.7 tracking bugs for this issue: Affects: fedora-all [bug 2196186] Created python3.10 tracking bugs for this issue: Affects: fedora-all [bug 2196187] Created python3.11 tracking bugs for this issue: Affects: fedora-all [bug 2196188] Created python3.12 tracking bugs for this issue: Affects: fedora-all [bug 2196190] Created python3.6 tracking bugs for this issue: Affects: fedora-all [bug 2196191] Created python3.7 tracking bugs for this issue: Affects: fedora-all [bug 2196192] Created python3.8 tracking bugs for this issue: Affects: fedora-all [bug 2196193] Created python3.9 tracking bugs for this issue: Affects: fedora-all [bug 2196194] Created python34 tracking bugs for this issue: Affects: epel-7 [bug 2196184] We have investigated the problem in the original patch that was reverted and proposed a solution. There is a new PR addressing this but it's progressing slowly. We are closely monitoring it. https://github.com/python/cpython/pull/108250 The previously merged and then reverted patch demonstrates that we should be very careful with fixes like this. FEDORA-2023-87771f4249 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2023-c0bf8c0c4e has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0256 https://access.redhat.com/errata/RHSA-2024:0256 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0466 https://access.redhat.com/errata/RHSA-2024:0466 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:0454 https://access.redhat.com/errata/RHSA-2024:0454 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0430 https://access.redhat.com/errata/RHSA-2024:0430 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:0586 https://access.redhat.com/errata/RHSA-2024:0586 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2292 https://access.redhat.com/errata/RHSA-2024:2292 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2985 https://access.redhat.com/errata/RHSA-2024:2985 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3062 https://access.redhat.com/errata/RHSA-2024:3062 |