From: bug#47351 <47351@debbugs.gnu.org>
To: bug#47351 <47351@debbugs.gnu.org>
Subject: Status: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270
Date: Fri, 15 Aug 2025 04:45:01 +0000

retitle 47351 python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270
reassign 47351 guix
submitter 47351 Léo Le Bouter
severity 47351 normal
tag 47351 security
thanks

From: Léo Le Bouter
To: bug-guix@gnu.org
Subject: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270
Date: Wed, 24 Mar 2021 00:20:14 +0100
Message-ID: <52ebf77423268ebf2a2bf87d524b86224ec13233.camel@zaclys.net>

CVE-2021-20270 23.03.21 18:15
An infinite loop in SMLLexer in Pygments
versions 1.5 to 2.7.3 may lead to denial of service when performing
syntax highlighting of a Standard ML (SML) source file, as demonstrated
by input that only contains the "exception" keyword.

Upstream version 2.8.1 is not affected.

Because this package would cause 456 dependents to be rebuilt, I
prepared 69e3b7f4bea9ab6c9520c5b5bdc14e0388475c3d and will push soon to
staging once master is merged in it so that .guix-authorizations
contains my key. I also attached the patch (trivial).

Opening this bug to track when this lands into master

Attachment: 0001-gnu-python-pygments-Update-to-2.8.1-security-fixes.patch

From: Léo Le Bouter
To: control@debbugs.gnu.org
Date: Wed, 24 Mar 2021 00:23:59 +0100

tags 47351 + security
quit

From: Maxim Cournoyer
To: Léo Le Bouter
Cc: 47351-done@debbugs.gnu.org
Subject: Re: bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270
Date: Tue, 22 Mar 2022 22:31:58 -0400
In-Reply-To: <52ebf77423268ebf2a2bf87d524b86224ec13233.camel@zaclys.net>
Message-ID: <878rt11js1.fsf@gmail.com>

Léo Le Bouter writes:

> CVE-2021-20270 23.03.21 18:15
> An infinite loop in SMLLexer in Pygments
> versions 1.5 to 2.7.3 may lead to denial of service when performing
> syntax highlighting of a Standard ML (SML) source file, as demonstrated
> by input that only contains the "exception" keyword.
>
> Upstream version 2.8.1 is not affected.

Which is now the current version packaged in Guix.

Thanks for the report!

Closing.

Maxim

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Date: Wed, 20 Apr 2022 11:24:10 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator
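
Added example, not code from this thread, from Guix or from Pygments: it checks a version string against the affected range quoted in the report (1.5 to 2.7.3) and shows one containment for a lexer that never returns, namely running the highlighter in a child interpreter with a timeout. The function names, the 2-second default and the use of the "sml" lexer alias are assumptions of the example.

```python
import html
import re
import subprocess
import sys

# Affected range as stated in the report: Pygments 1.5 through 2.7.3.
FIRST_AFFECTED = (1, 5, 0)
LAST_AFFECTED = (2, 7, 3)

# Child program (assumes Pygments is importable there): stdin -> HTML on stdout.
HIGHLIGHT_CHILD = """
import sys
from pygments import highlight
from pygments.formatters import HtmlFormatter
from pygments.lexers import get_lexer_by_name
lexer = get_lexer_by_name(sys.argv[1])
sys.stdout.write(highlight(sys.stdin.read(), lexer, HtmlFormatter()))
"""


def parse_version(text):
    """'2.7.3' -> (2, 7, 3); missing parts are 0; suffixes such as 'rc1' are ignored."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if m is None:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version_text):
    """True when the version falls inside the range given in the report."""
    return FIRST_AFFECTED <= parse_version(version_text) <= LAST_AFFECTED


def run_bounded(child_source, argv, stdin_text, timeout_s=2.0):
    """Run child_source in a fresh interpreter. Returns its stdout, or None when
    it exceeds timeout_s (subprocess.run kills the child before raising)."""
    try:
        done = subprocess.run(
            [sys.executable, "-c", child_source, *argv],
            input=stdin_text, capture_output=True, text=True,
            timeout=timeout_s, check=True,
        )
    except subprocess.TimeoutExpired:
        return None
    return done.stdout


def highlight_untrusted(source, lexer_name="sml", timeout_s=2.0):
    """Highlight untrusted text; on timeout fall back to escaped plain text."""
    rendered = run_bounded(HIGHLIGHT_CHILD, [lexer_name], source, timeout_s)
    if rendered is None:
        return "<pre>" + html.escape(source) + "</pre>"
    return rendered
```

The timeout bounds the damage on any version; it does not replace updating to the fixed release named in the report.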