{"id":"MGASA-2021-0386","summary":"Updated python3 packages fix security vulnerabilities","details":"Update python3 to 3.8.11 to fix several security issues. Fixes in 3.8.10 are\nalso included.\n\nBundled pip and setuptools were updated in 3.8.11 so python-pip needs to be\nupdated to 21.1.3 and python-setuptools to 56.2.0 at the same time.\n\nAlso, we fix the following issue:\n\nIn Python before 3.9.5, the ipaddress library mishandles leading zero\ncharacters in the octets of an IP address string. This (in some situations)\nallows attackers to bypass access control that is based on IP addresses\n(CVE-2021-29921).\n","modified":"2026-04-16T04:40:56.700947939Z","published":"2021-07-27T20:21:53Z","upstream":["CVE-2021-29921"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0386.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29288"},{"type":"WEB","url":"https://docs.python.org/release/3.8.11/whatsnew/changelog.html#changelog"},{"type":"WEB","url":"https://docs.python.org/release/3.8.10/whatsnew/changelog.html#changelog"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4973-1"},{"type":"WEB","url":"https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html"}],"affected":[{"package":{"name":"python-pip","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/python-pip?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.1.3-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0386.json"}},{"package":{"name":"python-setuptools","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/python-setuptools?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"56.2.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0386.json"}},{"package":{"name":"python3","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/python3?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.11-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0386.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}