Commit 34727812 authored Nov 10, 2022 by Narpat Mali Committed by Steve Sakoman Nov 10, 2022

python3-mako: backport fix for CVE-2022-40023

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service
when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-40023

Reference to Upstream Patch:
https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c



Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

parent c7eb6da6

Hide whitespace changes

Inline Side-by-side

Please register or to comment