Your message dated Mon, 05 Apr 2021 13:32:30 +0000
with message-id <[email protected]>
and subject line Bug#985574: fixed in pygments 2.3.1+dfsg-1+deb10u2
has caused the Debian Bug report #985574,
regarding pygments: CVE-2021-27291
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
985574: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985574
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pygments
Version: 2.7.1+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for pygments.
CVE-2021-27291[0]:
| In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming
| languages rely heavily on regular expressions. Some of the regular
| expressions have exponential or cubic worst-case complexity and are
| vulnerable to ReDoS. By crafting malicious input, an attacker can
| cause a denial of service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-27291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
[1]
https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pygments
Source-Version: 2.3.1+dfsg-1+deb10u2
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
pygments, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated pygments package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 Mar 2021 18:33:50 +0100
Source: pygments
Binary: python-pygments python-pygments-doc python3-pygments
Architecture: source all
Version: 2.3.1+dfsg-1+deb10u2
Distribution: buster-security
Urgency: medium
Maintainer: Piotr Ożarowski <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Description:
python-pygments - syntax highlighting package written in Python
python-pygments-doc - documentation for the Pygments
python3-pygments - syntax highlighting package written in Python 3
Closes: 985574
Changes:
pygments (2.3.1+dfsg-1+deb10u2) buster-security; urgency=medium
.
* CVE-2021-27291 (Closes: #985574)
Checksums-Sha1:
d39c9a7871552b2da263c6872e221df977f60e74 2395 pygments_2.3.1+dfsg-1+deb10u2.dsc
ae9295be21b4046ba3e56c69a984b785886ebd53 10580
pygments_2.3.1+dfsg-1+deb10u2.debian.tar.xz
7be053b564927a4750658c78259ad6c7a3298564 8210
pygments_2.3.1+dfsg-1+deb10u2_amd64.buildinfo
e14fb29289862dc3520c244b2c6e05289e8c449b 249356
python-pygments-doc_2.3.1+dfsg-1+deb10u2_all.deb
ac4abfaeba38fe842dc8cdb810d9b271d7008425 595812
python-pygments_2.3.1+dfsg-1+deb10u2_all.deb
c74b69bb4682b08d9b288f7ff65475c1fcbb039b 593920
python3-pygments_2.3.1+dfsg-1+deb10u2_all.deb
Checksums-Sha256:
e436212849fb3f615e37f6b995fd4415798214da827b08eb63c287f594b706a9 2395
pygments_2.3.1+dfsg-1+deb10u2.dsc
6948e545a4a09f80a998a2c3cc6c8ff2c55f048f8b9ff2881c11f117801f793e 10580
pygments_2.3.1+dfsg-1+deb10u2.debian.tar.xz
2d15989e492958fa5a038d91b4a36e5f7e21e0d222892634a5c1894b806cb438 8210
pygments_2.3.1+dfsg-1+deb10u2_amd64.buildinfo
58165da844695b19a460453e19f4807b4ad845612bf8a2076f17eebb4d3808bd 249356
python-pygments-doc_2.3.1+dfsg-1+deb10u2_all.deb
d0828a25e10065ee360a14c5d0070c523736d1e1a488d4ab7506f1e72d0fbb5c 595812
python-pygments_2.3.1+dfsg-1+deb10u2_all.deb
d6b0e96af3f139089edb5916ef5ad2e9b229d2d9a3d81fc2c1331a42f7a29761 593920
python3-pygments_2.3.1+dfsg-1+deb10u2_all.deb
Files:
c650881db813fe57fe6fe11b383358cc 2395 python optional
pygments_2.3.1+dfsg-1+deb10u2.dsc
1e2ba5169b8caf4a790b298134439cea 10580 python optional
pygments_2.3.1+dfsg-1+deb10u2.debian.tar.xz
bde5abf9fadd47b09abfc53dd846dc89 8210 python optional
pygments_2.3.1+dfsg-1+deb10u2_amd64.buildinfo
d56c5e6a585479e8ede131223bd42050 249356 doc optional
python-pygments-doc_2.3.1+dfsg-1+deb10u2_all.deb
3ab9c0c85ca4e0fe0228c93133a4e933 595812 python optional
python-pygments_2.3.1+dfsg-1+deb10u2_all.deb
c586de40240495d507f3c8f500c52efc 593920 python optional
python3-pygments_2.3.1+dfsg-1+deb10u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBaQEUACgkQEMKTtsN8
TjYd5RAAmtx0+5Qze3x+bBbz6LXiNImtJNoxhAi2mT9QKNQyx9Ax9gr+Y9lBHGO6
syPGr+p5ON85ShDoiPoPHuFra5YMMaLvIA8MvLdZbRIOf5mInOQ+SBt1vT00RTHK
zAu61L0DGSZm7WYM19ia34W3NRinm89BIWtlUvZ1/oYbaX8kEbMHcJKucLnK39h1
MUoqIZKFs9vodSBAT+lSOIruvjhRLBgLSEHcKAL9znXCGeyYcJSnMX997plgYFu7
m1I9/yrAziw/lOqRxveJrm8R72dOpV0S7MgGUPETbypcOM6jMQDfr3Gz6qHPfxed
O5eQ9NSd0xD2uyY3f8gByGOsZH3he48uMZCT6mtPvuh3kzkBDqu8iiQ3LM92eAnq
9V/rkF5GkZxc8BXUqz5dG/cQwVyvEnD8Qol83r98AhT58iBgFADdtvpJmTifPMsi
LlJ6TssRkaV59fpdF4QSPvOKNJgY0+YZQtd4rM7ev5b68UFMZhWnHYkJ0z/eslIx
Q3Mnf6ll/VfL1CFHTS/ARWD2LjLjyXSJme2cmiLrmynh2JH8B2+jWA5xPfTvINTR
jPGhMdvrUvfrBX5Vm2lDKgVgGbdgWCACx0NfghVOtcr4ALehbfAKRL18Z15ivvdb
j8p/yxfcFAz6u22v7COmEN/4r4E3sTMpXXaFEKCXytrILoVVet4=
=DLCz
-----END PGP SIGNATURE-----
--- End Message ---