mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-01-27 12:01:38 +01:00
2e557033bd
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112 Pick the patch that resolves the issue referenced in the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
26 lines
917 B
Diff
26 lines
917 B
Diff
From 76dd27ec0dbde6c852f412390ac4e2cfefa8af76 Mon Sep 17 00:00:00 2001
|
|
From: cdcadman <mythirty@gmail.com>
|
|
Date: Wed, 17 May 2023 03:57:08 -0700
|
|
Subject: [PATCH] Address CVE-2023-26112 ReDoS
|
|
|
|
CVE: CVE-2023-26112
|
|
Upstream-Status: Backport [https://github.com/DiffSK/configobj/commit/7c618b0bbaff6ecaca51a6f05b29795d1377a4a5]
|
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
|
---
|
|
validate.py | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/validate.py b/validate.py
|
|
index b7a964c..af76898 100644
|
|
--- a/validate.py
|
|
+++ b/validate.py
|
|
@@ -542,7 +542,7 @@ class Validator(object):
|
|
"""
|
|
|
|
# this regex does the initial parsing of the checks
|
|
- _func_re = re.compile(r'(.+?)\((.*)\)', re.DOTALL)
|
|
+ _func_re = re.compile(r'([^\(\)]+?)\((.*)\)', re.DOTALL)
|
|
|
|
# this regex takes apart keyword arguments
|
|
_key_arg = re.compile(r'^([a-zA-Z_][a-zA-Z0-9_]*)\s*=\s*(.*)$', re.DOTALL)
|