Fedora Account System
Red Hat Associate
Red Hat Customer
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c https://pyup.io/vulnerabilities/CVE-2022-40023/50870/ https://github.com/sqlalchemy/mako/issues/366 https://github.com/sqlalchemy/mako/blob/c2f392e0be52dc67d1b9770ab8cce6a9c736d547/mako/ext/extract.py#L21 https://lists.debian.org/debian-lts-announce/2022/09/msg00026.html
Created python-pecan tracking bugs for this issue: Affects: epel-all [bug 2128979] Affects: fedora-all [bug 2128978]
Created python-pecan tracking bugs for this issue: Affects: openstack-rdo [bug 2128981]
This package is a wayland notification daemon, not the python templating library: this bug is in the wrong place.
You want the python-mako [1] package - adding its maintainer to the CC list. [1] https://src.fedoraproject.org/rpms/python-mako
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2258 https://access.redhat.com/errata/RHSA-2023:2258
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2893 https://access.redhat.com/errata/RHSA-2023:2893
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-40023