CVE-2020-6817

NameCVE-2020-6817
DescriptionRegular expression denial of service
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2167-1
Debian Bugs955388

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-bleach (PTS)stretch2.0-1vulnerable
buster, buster (security)3.1.2-0+deb10u1vulnerable
bullseye, sid3.1.5-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-bleachsourcejessie1.4-1+deb8u1DLA-2167-1
python-bleachsource(unstable)3.1.4-1955388

Notes

[buster] - python-bleach <no-dsa> (Minor issue; some regression potential)
[stretch] - python-bleach <no-dsa> (Minor issue; some regression potential)
https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm
https://bugzilla.mozilla.org/show_bug.cgi?id=1623633
https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69
https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7
Regression report: https://github.com/mozilla/bleach/pull/530

Search for package or bug name: Reporting problems