Univention Bugzilla – Bug 55223
mako: Multiple issues (5.0)
Last modified: 2022-09-29 12:38:54 CEST
New Debian mako 1.0.7+ds1-1+deb10u1 fixes:

This update addresses the following issue:
* Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. (CVE-2022-40023)
--- mirror/ftp/pool/main/m/mako/mako_1.0.7+ds1-1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/mako_1.0.7+ds1-1+deb10u1.dsc @@ -1,3 +1,8 @@ +1.0.7+ds1-1+deb10u1 [Wed, 21 Sep 2022 13:10:32 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2022-40023: denial of service via crafted regex. + 1.0.7+ds1-1 [Fri, 14 Jul 2017 16:44:18 +0200] Piotr Ożarowski <piotr@debian.org>: * New upstream release <http://piuparts.knut.univention.de/5.0-2/#1780888870769102042>
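Review bot: In the added 1.0.7+ds1-1+deb10u1 changelog entry, the line "* CVE-2022-40023: denial of service via crafted regex." is imprecise. Per the CVE text quoted in this bug, the regular expression belongs to Mako's Lexer class and the denial of service occurs while it parses, so what is crafted is the input handed to the Lexer, not a regex. Suggest wording such as "CVE-2022-40023: regular expression denial of service in the Lexer class (also affects babelplugin and linguaplugin)" and naming the patch file that carries the fix, since this .dsc diff shows only the changelog and gives no way to check which code changed.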
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x435>