NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e9e600ded1
kumquat-buildroot/package/python-pygments/python-pygments.hash
Peter Korsgaard 3e47f11283 package/python-pygments: security bump to version 2.7.4 
Fixes the following security issues:

- CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to
  2.7.3 may lead to denial of service when performing syntax highlighting of
  a Standard ML (SML) source file, as demonstrated by input that only
  contains the "exception" keyword

- CVE-2021-27291: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse
  programming languages rely heavily on regular expressions.  Some of the
  regular expressions have exponential or cubic worst-case complexity and
  are vulnerable to ReDoS.  By crafting malicious input, an attacker can
  cause a denial of service

Python 2.x support was dropped in pygments 2.6, so adjust (reverse)
dependencies:

Version 2.6
-----------
(released March 8, 2020)

- Running Pygments on Python 2.x is no longer supported.
  (The Python 2 lexer still exists.)

Adjust the license hash for a change of copyright years:
a590ac5ea7

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 03c2a81231)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-06 11:23:20 +02:00

6 lines
330 B
Plaintext
Raw Blame History

# md5, sha256 from https://pypi.org/pypi/pygments/json
md5 390a49fa0eb5486a795b2b54b9a7b666 Pygments-2.7.4.tar.gz
sha256 df49d09b498e83c1a73128295860250b0b7edd4c723a32e9bc0d295c7c2ec337 Pygments-2.7.4.tar.gz
# Locally computed sha256 checksums
sha256 c012cf17a2ba79142977c8cc5bb1497a675401bf79c2c9b95a7604e2ddfde8b8 LICENSE
Reference in New Issue View Git Blame Copy Permalink