Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 900202 (CVE-2021-29063)

Summary: <dev-python/mpmath-1.3.0: ReDoS vulnerability in mpmathify
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: grozin, mgorny, python, sci-mathematics
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 900765    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-03-07 16:57:48 UTC 
From 1.3.0 release notes:
"""
Security issues:

    Fixed ReDOS vulnerability in mpmathify() (CVE-2021-29063) (Vinzent Steinberg)
"""
Comment 1 Larry the Git Cow gentoo-dev 2023-03-07 16:58:30 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22cecdc3bf96930e5f433b7219e0db338fd7a43a

commit 22cecdc3bf96930e5f433b7219e0db338fd7a43a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-03-07 16:57:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-07 16:58:20 +0000

    dev-python/mpmath: add 1.3.0
    
    Bug: https://bugs.gentoo.org/900202
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-python/mpmath/Manifest            |  1 +
 dev-python/mpmath/mpmath-1.3.0.ebuild | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2023-03-11 09:52:32 UTC 
cleanup done.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-16 19:39:22 UTC 
ReDoS -> noglsa. Closing.