mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-02-02 06:48:43 +01:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Narpat Mali	7b65658ede	python3-pygments: fix for CVE-2022-40896 A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. The CVE issue is fixed by these 3 different commits in different version: 1. Improve the Smithy metadata matcher (These changes are already available as part of current python3-pygments_2.14.0 version): `dd52102c38` (2.14.0) 2. SQL+Jinja: use a simpler regex in analyse_text: `97eb3d5ec7` (2.15.0) 3. Improve Java properties lexer (#2404): `fdf182a7af` (2.15.1) References: https://nvd.nist.gov/vuln/detail/CVE-2022-40896 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/ (From OE-Core rev: 5a02307af5e593be864423a9f3ab309703d61dbf) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-09-04 04:13:24 -10:00

Narpat Mali

7b65658ede

python3-pygments: fix for CVE-2022-40896

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments
through 2.15.0 via SmithyLexer.

The CVE issue is fixed by these 3 different commits in different version:
1. Improve the Smithy metadata matcher (These changes are already available as part
   of current python3-pygments_2.14.0 version):
dd52102c38 (2.14.0)
2. SQL+Jinja: use a simpler regex in analyse_text:
97eb3d5ec7 (2.15.0)
3. Improve Java properties lexer (#2404):
fdf182a7af (2.15.1)

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-40896
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/

(From OE-Core rev: 5a02307af5e593be864423a9f3ab309703d61dbf)

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2023-09-04 04:13:24 -10:00

1 Commits