python3.11-PyMySQL-1.0.2-2.el9

Errata ID: AXSA:2024-9378:02

Release date: Friday, December 13, 2024 - 18:24
Subject: python3.11-PyMySQL-1.0.2-2.el9
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython.

Security Fix(es):

* python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.5 Release Notes linked from the References section.

CVE-2024-36039
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
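
An application-side guard for the issue described above, as an added example that is not part of this advisory or of PyMySQL: it rejects any bound query parameter that is not a scalar before it reaches cursor.execute(), so a JSON object cannot arrive where a single value is expected. The function names, the exception class and the sample request bodies are assumptions made for illustration, and the check is stricter than the CVE requires because it also refuses lists.

```python
import datetime
import decimal
import json

# Types that map to a single SQL literal. Containers are deliberately absent:
# the advisory's issue concerns dict values taken from untrusted JSON.
SCALARS = (type(None), bool, int, float, str, bytes,
           decimal.Decimal, datetime.date, datetime.time, datetime.timedelta)


class UnsafeParameter(TypeError):
    """Raised when a bound value is not a plain scalar (hypothetical name)."""


def require_scalar_params(args):
    """Return args unchanged if every bound value is a scalar, else raise.

    args follows the DB-API shapes accepted by cursor.execute():
    a tuple/list of positional values or a dict of named values.
    """
    if isinstance(args, dict):
        items = list(args.items())
    elif isinstance(args, (tuple, list)):
        items = list(enumerate(args))
    else:
        items = [(0, args)]
    for name, value in items:
        if not isinstance(value, SCALARS):
            raise UnsafeParameter(
                f"parameter {name!r} is {type(value).__name__}, expected a scalar")
    return args


def params_from_json(body, fields):
    """Decode a JSON request body and pick only the named fields as parameters."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise UnsafeParameter("request body must be a JSON object")
    return require_scalar_params(tuple(doc.get(f) for f in fields))


# Constructed sample bodies: the second sends an object where a string is expected.
GOOD = '{"user": "alice", "limit": 10}'
BAD = '{"user": {"nested": "object"}, "limit": 10}'

if __name__ == "__main__":
    print(params_from_json(GOOD, ("user", "limit")))
    try:
        params_from_json(BAD, ("user", "limit"))
    except UnsafeParameter as exc:
        print("rejected:", exc)
```

The returned tuple is what would be passed as the second argument to cursor.execute(); the guard complements the package update and does not replace it.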

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. python3.11-PyMySQL-1.0.2-2.el9.src.rpm
    MD5: a34355aa26afad237e04f51ce5b64290
    SHA-256: c57dc8a8cf0aa4e3a0078e32cec673e93498b688cce316a5ad20e6e21f161152
    Size: 53.58 kB

Asianux Server 9 for x86_64
  1. python3.11-PyMySQL-1.0.2-2.el9.noarch.rpm
    MD5: 4395a9f2c2a44ff67ed9fc99ed7b5cee
    SHA-256: eeabfb19a3f2ce6e7fb24fbdad3dc69b63be845acd7220ff90d638d20b955112
    Size: 121.29 kB
  2. python3.11-PyMySQL+rsa-1.0.2-2.el9.noarch.rpm
    MD5: 33ed94e4305ca9e41cec1ad42a36ad43
    SHA-256: 6a56ebb754684f026119f201055c9d20ae0ff0f8e70762960ae2cdedf65da54f
    Size: 7.93 kB