+* #3659: Fixed REDoS vector in package_index. > As described through PSRT channel, it may end in a DoS if an user is fetching malicious HTML from a package in PyPI or custom PackageIndex page. https://github.com/pypa/setuptools/issues/3659
cleanup done.
Thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=49959bcac23a9f3214baf5919f43e5744cb0a6d5 commit 49959bcac23a9f3214baf5919f43e5744cb0a6d5 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-05 06:37:49 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-05 06:38:17 +0000 [ GLSA 202405-10 ] Setuptools: Denial of Service Bug: https://bugs.gentoo.org/879813 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-10.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+)