{"id":"MGASA-2020-0249","summary":"Updated python-typed-ast packages fix security vulnerability","details":"Updated python-typed-ast package fixes security vulnerabilities:\n\ntyped_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds\nread. An attacker with the ability to cause a Python interpreter to\nparse Python source (but not necessarily execute it) may be able to crash\nthe interpreter process. This could be a concern, for example, in a\nweb-based service that parses (but does not execute) Python code \n(CVE-2019-19274).\n\ntyped_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An\nattacker with the ability to cause a Python interpreter to parse Python\nsource but not necessarily execute it) may be able to crash the\ninterpreter process. This could be a concern, for example, in a web-based\nservice that parses (but does not execute) Python code (CVE-2019-19275).\n","modified":"2026-02-01T04:57:02.975551Z","published":"2020-06-10T22:26:12Z","related":["CVE-2019-19274","CVE-2019-19275"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0249.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26590"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2020-05/msg00001.html"}],"affected":[{"package":{"name":"python-typed-ast","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/python-typed-ast?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.1-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0249.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}