ALSA-2024:9194

[ALSA-2024:9194] Moderate: python3.11-PyMySQL security update

Type:

security

Severity:

moderate

Release date:

2024-11-18

Description:

This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython.  

Security Fix(es):  

  * python-pymysql: SQL injection if used with untrusted JSON input (CVE-2024-36039)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

Additional Changes:  

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
noarch	python3.11-PyMySQL-1.0.2-2.el9.noarch.rpm	2cff937c79794b89d5a4f880c85da6a6d8fb285441e4f198435f73dee61714a5
noarch	python3.11-PyMySQL+rsa-1.0.2-2.el9.noarch.rpm	9e2948cd6000d9f0b106ef5a3da0e49117f62d629b5e72b80bcc01f1e3a827ca

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.