author | Narpat Mali <narpat.mali@windriver.com> | 2023-08-29 14:57:53 +0000 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-09-04 04:13:24 -1000 |
commit | 7b65658ede3253a6d22297a6c5550f1400274632 (patch) | |
tree | 49154bfede28b2981c7acbf8060f1946a02ef16d /scripts/lib/scriptpath.py | |
parent | cccf6723f3188ebe1da2a85c14f63e8a9a33e776 (diff) | |
download | poky-7b65658ede3253a6d22297a6c5550f1400274632.tar.gz |
python3-pygments: fix for CVE-2022-40896
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments
through 2.15.0 via SmithyLexer.
The CVE issue is fixed by these 3 different commits in different versions:
1. Improve the Smithy metadata matcher (These changes are already available as part
of current python3-pygments_2.14.0 version):
https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04 (2.14.0)
2. SQL+Jinja: use a simpler regex in analyse_text:
https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194 (2.15.0)
3. Improve Java properties lexer (#2404):
https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52 (2.15.1)
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-40896
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/
(From OE-Core rev: 5a02307af5e593be864423a9f3ab309703d61dbf)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/lib/scriptpath.py')
0 files changed, 0 insertions, 0 deletions