Description: "A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality."
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cda063145cccc62b96bc09f2b423e449d6dc134a commit cda063145cccc62b96bc09f2b423e449d6dc134a Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2020-12-12 08:41:56 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2020-12-12 09:09:38 +0000 dev-python/py: Backport CVE-2020-29651 fix Closes: https://bugs.gentoo.org/759547 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/py/files/py-1.9.0-cve-2020-29651.patch | 31 ++++++++++++++++++++++ .../py/{py-1.9.0-r1.ebuild => py-1.9.0-r2.ebuild} | 4 +++ 2 files changed, 35 insertions(+)
Sorry about that.
Thank you!