Fedora: Security Advisory for rust-python-launcher (FEDORA-2024-ce2936b568)

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.886499");
  script_version("2024-06-07T05:05:42+0000");
  # TODO: No CVE assigned yet.
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"last_modification", value:"2024-06-07 05:05:42 +0000 (Fri, 07 Jun 2024)");
  script_tag(name:"creation_date", value:"2024-05-27 10:42:16 +0000 (Mon, 27 May 2024)");
  script_name("Fedora: Security Advisory for rust-python-launcher (FEDORA-2024-ce2936b568)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC40");

  script_xref(name:"Advisory-ID", value:"FEDORA-2024-ce2936b568");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VWBADGDUBRA3T4TEFMM7ZXZZVQGMFVOY");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'rust-python-launcher'
  package(s) announced via the FEDORA-2024-ce2936b568 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"The Python Launcher for Unix.

Launch your Python interpreter the lazy/smart way!

This launcher is an implementation of the py command for Unix-based platforms.

The goal is to have py become the cross-platform command that Python users
typically use to launch an interpreter while doing development.
By having a command that is version-agnostic when it comes to Python,
it side-steps the 'what should the python command point to?' debate by clearly
specifying that upfront (i.e. the newest version of Python that can be found).
This also unifies the suggested command to document for launching Python on
both Windows as Unix as py has existed as the preferred command on Windows
since 2012 with the release of Python 3.3.

Typical usage would be:

    py -m venv .venv
    py ...  # Whatever you would normally use `python` for during development.

This creates a virtual environment in a .venv directory using the latest
version of Python installed. Subsequent uses of py will then use that virtual
environment as long as it is in the current (or higher) directory,
no environment activation required (although the Python Launcher supports
activated environments as well)!

A non-goal of this launcher is to become the way to launch the Python
interpreter all the time. If you know the exact interpreter you want to
launch then you should launch it directly, same goes for when you have
requirements on the type of interpreter you want.
The Python Launcher should be viewed as a tool of convenience, not necessity.");

  script_tag(name:"affected", value:"'rust-python-launcher' package(s) on Fedora 40.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "FC40") {

  if(!isnull(res = isrpmvuln(pkg:"rust-python-launcher", rpm:"rust-python-launcher~1.0.0~12.fc40", rls:"FC40"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);