GNU bug report logs - #47351
python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270

Package: guix

Reported by: Léo Le Bouter <lle-bout <at> zaclys.net>

Date: Tue, 23 Mar 2021 23:21:02 UTC

Severity: normal

Tags: security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.


Message #12 received at 47351-done <at> debbugs.gnu.org:

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Léo Le Bouter <lle-bout <at> zaclys.net>
Cc: 47351-done <at> debbugs.gnu.org
Subject: Re: bug#47351: python-pygments <at> 2.7.3 is vulnerable to at least
 CVE-2021-20270
Date: Tue, 22 Mar 2022 22:31:58 -0400

Léo Le Bouter <lle-bout <at> zaclys.net> writes:

> CVE-2021-20270	23.03.21 18:15
> An infinite loop in SMLLexer in Pygments
> versions 1.5 to 2.7.3 may lead to denial of service when performing
> syntax highlighting of a Standard ML (SML) source file, as demonstrated
> by input that only contains the "exception" keyword.
>
> Upstream version 2.8.1 is not affected.

Which is now the current version packaged in Guix.

Thanks for the report!

Closing.

Maxim
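
Added example, not part of the report and not code from Guix or Pygments: a service that highlights untrusted source text can bound the damage of a lexer that never returns, as described for SMLLexer above, by running the highlight in a child process with a wall-clock timeout. The name `highlight_bounded`, the `child_code` parameter and the 2-second default are assumptions made for this sketch.

```python
import subprocess
import sys

# Child program: reads source text on stdin, highlights it with the lexer
# named in argv[1], and writes HTML to stdout. It needs Pygments installed.
_CHILD = (
    "import sys\n"
    "from pygments import highlight\n"
    "from pygments.lexers import get_lexer_by_name\n"
    "from pygments.formatters import HtmlFormatter\n"
    "lexer = get_lexer_by_name(sys.argv[1])\n"
    "sys.stdout.write(highlight(sys.stdin.read(), lexer, HtmlFormatter()))\n"
)


def highlight_bounded(source, lexer_alias, timeout_s=2.0, child_code=_CHILD):
    """Return highlighted HTML, or None if the child hung or failed.

    child_code is overridable (hypothetical parameter) so the timeout path
    can be exercised without a vulnerable Pygments build installed.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", child_code, lexer_alias],
            input=source,
            capture_output=True,
            text=True,
            timeout=timeout_s,
        )
    except subprocess.TimeoutExpired:
        # subprocess.run() kills the child before re-raising, so a looping
        # lexer does not keep a CPU busy after we give up on it.
        return None
    if proc.returncode != 0:
        return None  # unknown lexer alias, Pygments missing, or a crash
    return proc.stdout


if __name__ == "__main__":
    # With an affected Pygments this returns None after the timeout instead
    # of hanging; with a fixed version it returns the highlighted HTML.
    result = highlight_bounded("exception", "sml")
    print("timed out or failed" if result is None else result)
```

Callers should treat `None` as "render the text unhighlighted" so a hang degrades the page instead of the worker.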




This bug report was last modified 3 years and 113 days ago.
