python3.12-PyMySQL-1.1.0-3.el9

Errata ID: AXSA:2024-9377:02

Release date: 
Friday, December 13, 2024 - 18:21
Subject: 
python3.12-PyMySQL-1.1.0-3.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython.

Security Fix(es):

* python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.5 Release Notes linked from the References section.

CVE-2024-36039
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python3.12-PyMySQL-1.1.0-3.el9.src.rpm
    MD5: 1d0318297cd8817e1ebf1170edc9b72c
    SHA-256: a95b2dff40e7be7f4f78d1d96fe969934eb4703f70926dc1ab167fab52654fba
    Size: 55.82 kB

Asianux Server 9 for x86_64
  1. python3.12-PyMySQL-1.1.0-3.el9.noarch.rpm
    MD5: a1068e173972bd3be087a1b5518457f3
    SHA-256: 9b1d3d0d4a4fe996da0dc5412ef3c9898e9a9626411fc40a45e4d8f3cf351ec1
    Size: 119.75 kB
  2. python3.12-PyMySQL+rsa-1.1.0-3.el9.noarch.rpm
    MD5: 980b40488890dbc21295d50b9b801ab5
    SHA-256: 99f26991fc2d3da5639b07af91c13e17d090d8b935f769c78f59450495a8935b
    Size: 8.06 kB