bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-2027

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-2027

From:	Maxim Cournoyer
Subject:	bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270
Date:	Tue, 22 Mar 2022 22:31:58 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Léo Le Bouter <lle-bout@zaclys.net> writes:

> CVE-2021-20270        23.03.21 18:15
> An infinite loop in SMLLexer in Pygments
> versions 1.5 to 2.7.3 may lead to denial of service when performing
> syntax highlighting of a Standard ML (SML) source file, as demonstrated
> by input that only contains the "exception" keyword.
>
> Upstream version 2.8.1 is not affected.

Which is now the current version packaged in Guix.

Thanks for the report!

Closing.

Maxim

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47351: python-pygments@2.7.3 is vulnerable to at least CVE-2021-20270, Maxim Cournoyer <=

Prev by Date: bug#47420: binutils is vulnerable to CVE-2021-20197 (and various others)
Next by Date: bug#47319: python-lxml is vulnerable to CVE-2021-28957
Previous by thread: bug#47420: binutils is vulnerable to CVE-2021-20197 (and various others)
Next by thread: bug#47319: python-lxml is vulnerable to CVE-2021-28957
Index(es):
- Date
- Thread