{"id":"RLSA-2022:7581","summary":"Moderate: python38:3.8 and python38-devel:3.8 security update","details":"Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es):\n\n* python: mailcap: findmatch() function does not sanitize the second argument (CVE-2015-20107)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.","modified":"2026-03-11T06:18:54.874200Z","published":"2022-11-08T06:23:36Z","upstream":["CVE-2015-20107"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2022:7581"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2075390"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2086141"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2090006"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095265"}],"affected":[{"package":{"name":"babel","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/babel?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.0-11.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"Cython","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.29.14-4.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"mod_wsgi","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.6.8-4.module+el8.7.0+1063+20f2b9a4"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"numpy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.17.3-6.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"pytest","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.6.6-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python38","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python38?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.8.13-1.module+el8.7.0+1063+20f2b9a4"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python3x-pip","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:19.3.1-6.module+el8.7.0+1063+20f2b9a4"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python3x-pyparsing","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python3x-pyparsing?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.5-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python3x-setuptools","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:41.6.0-5.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python3x-six","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python3x-six?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.12.0-10.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-asn1crypto","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-asn1crypto?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.0-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-atomicwrites","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-atomicwrites?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.0-8.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-attrs","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:19.3.0-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-cffi","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-cffi?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.13.2-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-chardet","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.0.4-19.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-cryptography","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8-3.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-cryptography","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-idna","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8-6.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-jinja2","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-jinja2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.11.3-1.module+el8.7.0+1063+20f2b9a4"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-lxml","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.4.1-7.module+el8.6.0+794+eba84017"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-markupsafe","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.1.1-6.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-more-itertools","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-more-itertools?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.2.0-5.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-packaging","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-packaging?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:19.2-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-pluggy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.13.0-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-ply","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-ply?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.11-10.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-psutil","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.6.4-4.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-psycopg2","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8.4-4.module+el8.6.0+794+eba84017"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-psycopg2","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8.4-4.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-py","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.8.0-8.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-pycparser","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pycparser?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.19-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-PyMySQL","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.1-1.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-PyMySQL","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.1-1.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-pysocks","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.1-4.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-requests","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.22.0-9.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-urllib3","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.25.7-5.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-wcwidth","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-wcwidth?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.1.7-16.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"python-wheel","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.33.6-6.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"pytz","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2019.3-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"PyYAML","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.4.1-1.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"PyYAML","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.4.1-1.module+el8.4.0+574+843c4898"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"scipy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.1-4.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}},{"package":{"name":"scipy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.1-4.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:7581.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}