{"id":"MGASA-2022-0367","summary":"Updated python packages fix security vulnerability","details":"The mailcap module does not add escape characters into commands discovered\nin the system mailcap file. (CVE-2015-20107)\nAllows an attacker to set up a malicious FTP server that can trick FTP\nclients into connecting back to a given IP address and port.\n(CVE-2021-4189)\nThe urlparse method does not sanitize input and allows characters like\n'\\r' and '\\n' in the URL path. This flaw allows an attacker to input a\ncrafted URL, leading to injection attacks.  (CVE-2022-0391)\n","modified":"2026-04-16T04:43:05.841235589Z","published":"2022-10-13T20:05:19Z","upstream":["CVE-2015-20107","CVE-2021-4189","CVE-2022-0391"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0367.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30572"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5519-1"},{"type":"WEB","url":"https://lists.suse.com/pipermail/sle-security-updates/2022-October/012483.html"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AOHEWJI4EPENRFNUSCXL2KZG7QSBH2MJ/"}],"affected":[{"package":{"name":"python","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/python?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.18-7.5.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0367.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}