python-mako-1.1.4-6.el9

エラータID: AXSA:2023-5414:01

Release date: 
Thursday, May 18, 2023 - 07:42
Subject: 
python-mako-1.1.4-6.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance.

Security Fix(es):

* python-mako: REDoS in Lexer class (CVE-2022-40023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.2 Release Notes linked from the References section.

CVE-2022-40023
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

Solution: 

Update packages.

CVEs: 
CVE-2022-40023
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
Additional Info: 

N/A

Download: 

SRPMS
  1. python-mako-1.1.4-6.el9.src.rpm
    MD5: 7b1584d327462017c3649ca432445851
    SHA-256: 9f209d8c0798c103a28a350df67c36f6f72591be9164507fb281986e7c0ba279
    Size: 205.26 kB

Asianux Server 9 for x86_64
  1. python3-mako-1.1.4-6.el9.noarch.rpm
    MD5: 915c13da70d22f176fb01dfd921ab792
    SHA-256: 05e6845c4a6ec5cad1eecdecdadf1f44e02c27a4f91cef46778b027b77314369
    Size: 144.16 kB