SUSE-SU-2024:2481-1

Published: 15 Jul 2024
Source: suse-cvrf

Description

Security update for python-black

This update for python-black fixes the following issues:

Updated to version 24.3.0:

  • CVE-2024-21503: Fixed a performance downgrade on docstrings that contain large numbers of leading tab characters (bsc#1221530).

Package list

openSUSE Leap 15.6
python311-black-24.3.0-150400.9.8.1

Description

Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.


Affected products
openSUSE Leap 15.6:python311-black-24.3.0-150400.9.8.1

References