bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-2027

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-2027

From:	Léo Le Bouter
Subject:	bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270
Date:	Wed, 24 Mar 2021 00:20:14 +0100
User-agent:	Evolution 3.34.2

CVE-2021-20270  23.03.21 18:15
An infinite loop in SMLLexer in Pygments
versions 1.5 to 2.7.3 may lead to denial of service when performing
syntax highlighting of a Standard ML (SML) source file, as demonstrated
by input that only contains the "exception" keyword.

Upstream version 2.8.1 is not affected.

Because this package would cause 456 dependents to be rebuilt, I
prepared 69e3b7f4bea9ab6c9520c5b5bdc14e0388475c3d and will push soon to
staging once master is merged in it so that .guix-authorizations
contains my key. I also attached the patch (trivial).

Opening this bug to track when this lands into master

0001-gnu-python-pygments-Update-to-2.8.1-security-fixes.patch
Description: Text Data

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270, Léo Le Bouter <=

Prev by Date: bug#47342: java-xstream@1.4.15 is vulnerable to CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350 and CVE-2021-21351
Next by Date: bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327
Previous by thread: bug#47229: Hardlink mitigation limits
Next by thread: bug#47354: (build-system julia) not reproducible
Index(es):
- Date
- Thread