Bug 2327067 - CVE-2023-44270 python-nbdime: Improper input validation in PostCSS [fedora-41]
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: python-nbdime
Version: 41
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jerry James
QA Contact:
URL:
Whiteboard: {"flaws": ["50e4275e-9f35-4fcd-a6bf-0...
Depends On:
Blocks: CVE-2023-44270
 
Reported: 2024-11-18 17:48 UTC by Marco Benatto
Modified: 2024-11-18 18:24 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2024-11-18 18:24:40 UTC
Type: ---
Embargoed:



Description Marco Benatto 2024-11-18 17:48:40 UTC
More information about this security flaw is available in the following bug:

https://bugzilla.redhat.com/show_bug.cgi?id=2326998

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Jerry James 2024-11-18 18:20:22 UTC
Trying to access bug 2326998 gives me a "not authorized" message.  It doesn't do much good to tell me there is a bug, but the details are in some other bug I can't look at, eh?

Comment 2 Jerry James 2024-11-18 18:24:40 UTC
According to https://nvd.nist.gov/vuln/detail/cve-2023-44270, this bug affects versions of PostCSS before 8.4.31.  The current builds of python-nbdime in Fedora 40, 41, and 42 use PostCSS 8.4.45, so are presumably unaffected.

