Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 827634 (GHSL-2021-117)

Summary: <dev-python/python-ldap-3.4.0: ReDoS via specially-crafted LDAP schema
Product: Gentoo Security Reporter: Michał Górny <mgorny>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 827638    
Bug Blocks:    

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-11-26 20:49:45 UTC 
+Security fixes:
+* Fix inefficient regular expression which allows denial-of-service attacks
+  when parsing specially-crafted LDAP schema.
+  (GHSL-2021-117)

https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-11-29 14:45:32 UTC 
cleanup done
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-01 01:17:27 UTC 
Thanks!
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2022-10-22 15:32:32 UTC 
noglsa and resolve?