Debian 10262 Published by

A pygments security update has been released for Debian GNU/Linux 8 Extended LTS to address a series of denial of service vulnerabilities.



ELA-384-1 pygments security update

Package pygments
Version 2.0.1+dfsg-1.1+deb8u3
Related CVEs CVE-2021-27291

It was discovered that there was a series of denial of service vulnerabilities in Pygments, a popular syntax highlighting library for Python.

A number of regular expressions had exponential or cubic worst-case complexity which could cause a remote denial of service (DoS) when provided with malicious input.

For Debian 8 Jessie, these problems have been fixed in version 2.0.1+dfsg-1.1+deb8u3.

We recommend that you upgrade your pygments packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-384-1 pygments security update