Source: pygments Version: 2.19.2+dfsg-1 Severity: important Tags: security upstream Forwarded: https://github.com/pygments/pygments/issues/3058 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for pygments. CVE-2026-4539[0]: | A security flaw has been discovered in pygments up to 2.19.2. The | impacted element is the function AdlLexer of the file | pygments/lexers/archetype.py. The manipulation results in | inefficient regular expression complexity. The attack is only | possible with local access. The exploit has been released to the | public and may be used for attacks. The project was informed of the | problem early through an issue report but has not responded yet. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-4539 https://www.cve.org/CVERecord?id=CVE-2026-4539 [1] https://github.com/pygments/pygments/issues/3058 [2] https://github.com/pygments/pygments/commit/24b8aa76c6cd6d70f39c6dd605cce319c98e2ccc Please adjust the affected versions in the BTS as needed. Regards, Salvatore
