Closed gaccardo closed 6 months ago
The CVE you cite (CVE-2022-40897) was fixed in python3-setuptools-59.6.0-2.amzn2023.0.4:
```
bash-5.2# rpm -q system-release ; rpm -q --changelog python3-setuptools | head -n3
system-release-2023.3.20231218-0.amzn2023.noarch
* Thu Jun 22 2023 Sai Harsha <ssuryad@amazon.com> - 59.6.0-2.amzn2023.0.4
- Fix CVE-2022-40897
```
As per https://explore.alas.aws.amazon.com/CVE-2022-40897.html this has been fixed in https://alas.aws.amazon.com/AL2023/ALAS-2023-245.html
So the CVE mentioned is fixed in Amazon Linux 2023.
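Added example, not part of the thread: the changelog check shown above, wrapped so that it returns the package release whose changelog entry mentions a given CVE. The function names and the second changelog entry are constructed for illustration; the first entry is the one quoted above.

```shell
#!/usr/bin/env bash
# Report which package release's RPM changelog entry mentions a CVE.
# On a live system, feed it the real changelog:
#   rpm -q --changelog python3-setuptools | cve_fixed_in CVE-2022-40897

# cve_fixed_in CVE-ID : reads `rpm -q --changelog` output on stdin.
# Prints the version-release of the newest entry mentioning the CVE and
# returns 0; prints nothing and returns 1 if no entry mentions it.
cve_fixed_in() {
    local cve="$1"
    awk -v cve="$cve" '
        # Entry header: "* Day Mon DD YYYY Name <email> - version-release".
        # Some packages omit the trailing "- version-release" part.
        /^\* / { release = ($(NF-1) == "-") ? $NF : "unknown"; next }
        # rpm prints newest entries first, so the first hit is the newest.
        index($0, cve) && !found { print release; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Sample input: first entry as quoted in the thread, second entry constructed.
sample_changelog() {
    cat <<'EOF'
* Thu Jun 22 2023 Sai Harsha <ssuryad@amazon.com> - 59.6.0-2.amzn2023.0.4
- Fix CVE-2022-40897

* Sun Jan 01 2023 Example Packager <packager@example.com> - 59.6.0-1.amzn2023.0.1
- Constructed entry: initial build
EOF
}

if release=$(sample_changelog | cve_fixed_in CVE-2022-40897); then
    echo "CVE-2022-40897 addressed in release $release"
else
    echo "CVE-2022-40897 not mentioned in changelog"
fi
```

A scanner that compares only the upstream version string (59.6.0) will still flag the package, so the release suffix and changelog are what to check against the distribution's advisory.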
ahhh snap :)
Describe the bug python3-setuptools version 59.6.0-2.amzn2023.0.4 has vulnerabilities reported.
To Reproduce Steps to reproduce the behavior:
Expected behavior I'd like to be able to use at least version 65.5.1 of python3-setuptools, which is a version without known vulns and also the version provided for python3.11-setuptools.
Desktop (please complete the following information):