[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-02-14 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 8a84aef0123bd8c13cf81fbc3b5f6d45f96c2656 by Jason R. Coombs in branch '3.8': [3.8] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importlib_metadata 4.10.1) (GH-30803). (#30829)

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-23 Thread Jason R. Coombs
Change by Jason R. Coombs : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-23 Thread Jason R. Coombs
Jason R. Coombs added the comment: New changeset 1514d1252f96e6a83eb65c439522a6b5443f6a1a by Jason R. Coombs in branch '3.9': [3.9] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importlib_metadata 4.10.1) (GH-30803). (GH-30828)

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-23 Thread Jason R. Coombs
Jason R. Coombs added the comment: New changeset a7a4ca4f06c8c31d7f403113702ad2e80bfc326b by Jason R. Coombs in branch '3.10': [3.10] bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importlib_metadata 4.10.1) (GH-30803) (GH-30827)

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-23 Thread Jason R. Coombs
Change by Jason R. Coombs : -- pull_requests: +29016 pull_request: https://github.com/python/cpython/pull/30829 ___ Python tracker ___

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-23 Thread Jason R. Coombs
Change by Jason R. Coombs : -- pull_requests: +29015 pull_request: https://github.com/python/cpython/pull/30828 ___ Python tracker ___

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-23 Thread Jason R. Coombs
Change by Jason R. Coombs : -- pull_requests: +29014 pull_request: https://github.com/python/cpython/pull/30827 ___ Python tracker ___

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-22 Thread Jason R. Coombs
Jason R. Coombs added the comment: New changeset 51c3e28c8a163e58dc753765e3cc51d5a717e70d by Jason R. Coombs in branch 'main': bpo-46474: Avoid REDoS in EntryPoint.pattern (sync with importlib_metadata 4.10.1) (GH-30803)

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-22 Thread Jason R. Coombs
Jason R. Coombs added the comment: New changeset 443dec6c9a104386ee90165d32fb28d0c5d29043 by Jason R. Coombs in branch 'main': bpo-46474: Apply changes from importlib_metadata 4.10.0 (GH-30802) https://github.com/python/cpython/commit/443dec6c9a104386ee90165d32fb28d0c5d29043 --

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-22 Thread Jason R. Coombs
Change by Jason R. Coombs : -- pull_requests: +28989 pull_request: https://github.com/python/cpython/pull/30803 ___ Python tracker ___

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-22 Thread Jason R. Coombs
Change by Jason R. Coombs : -- keywords: +patch pull_requests: +28987 stage: -> patch review pull_request: https://github.com/python/cpython/pull/30802 ___ Python tracker ___

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-22 Thread Jason R. Coombs
Jason R. Coombs added the comment: Because I want this security issue to be back-portable to older Pythons, I'll first apply importlib_metadata 4.10.0 and then apply the change from 4.10.1 separately. -- ___ Python tracker

[issue46474] Inefficient regular expression complexity in EntryPoint.pattern

2022-01-22 Thread Jason R. Coombs
New submission from Jason R. Coombs : Originally reported to the Python Security Response Team, the EntryPoint.pattern demonstrates a potential [ReDoS](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_). The issue has been patched and fix released with