Univention Bugzilla – Bug 52967
pygments: Multiple issues (4.4)
Last modified: 2021-03-24 15:59:00 CET
New Debian pygments 2.2.0+dfsg-1+deb9u2 fixes:
This update addresses the following issue:
* ReDoS via crafted malicious input (CVE-2021-27291)
--- mirror/ftp/4.4/unmaintained/component/4.4-7-errata/source/pygments_2.2.0+dfsg-1+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/pygments_2.2.0+dfsg-1+deb9u2.dsc @@ -1,3 +1,9 @@ +2.2.0+dfsg-1+deb9u2 [Fri, 19 Mar 2021 15:16:12 +0000] Chris Lamb <lamby@debian.org>: + + * CVE-2021-27291: Prevent a number of issues with regular expressions with + exponential or cubic worst-case complexity which could cause a Denial of + Service (DoS) attack. + 2.2.0+dfsg-1+deb9u1 [Fri, 12 Mar 2021 10:32:37 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/4.4-7/#4813984094150963720>
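Review bot: the added 2.2.0+dfsg-1+deb9u2 changelog entry describes CVE-2021-27291 only as "a number of issues with regular expressions" and does not say which lexers or patterns were changed or which patch file carries the fix. Naming the affected lexers or the patch in the entry would let a reviewer confirm that the backport to 2.2.0 covers every expression the CVE refers to.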
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] b9db157d89 Bug #52967: pygments 2.2.0+dfsg-1+deb9u2
 doc/errata/staging/pygments.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x926>