[Debichem-devel] Bug#1024017: pymatgen: CVE-2022-42964
Moritz Mühlenhoff
jmm at inutil.org
Sun Nov 13 19:32:49 GMT 2022

Source: pymatgen
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for pymatgen.

CVE-2022-42964[0]:
| An exponential ReDoS (Regular Expression Denial of Service) can be
| triggered in the pymatgen PyPI package, when an attacker is able to
| supply arbitrary input to the GaussianInput.from_string method

https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/

This doesn't seem to have been reported upstream yet, can you please
take care of that?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-42964
    https://www.cve.org/CVERecord?id=CVE-2022-42964

Please adjust the affected versions in the BTS as needed.
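The report above names the failure mode (exponential backtracking on attacker-supplied input) but neither the offending expression nor a fix, since those live upstream. The following is an added example, not pymatgen's code and not the pattern behind CVE-2022-42964: a constructed pattern with the nested-quantifier shape that causes exponential ReDoS, the same grammar written unambiguously, a probe a maintainer can run in a test suite to catch such patterns before release, and a process-isolated matcher that keeps a parser of untrusted text from freezing the whole interpreter. `VULNERABLE_TOKEN_LINE`, `SAFE_TOKEN_LINE`, `match_with_timeout`, `backtracking_probe` and `disagreements` are hypothetical names from this example.

```python
"""Contain and detect catastrophic regex backtracking (ReDoS).

Added example: not pymatgen's code; the patterns are constructed for
illustration and are not the expression behind CVE-2022-42964.
"""
import multiprocessing
import re

# Constructed example: a "line of whitespace-separated tokens" grammar written
# two ways. The first nests a quantifier inside a repeated group, so on a
# near-miss input like "aaaa...!" the engine can split the run of \w characters
# between group iterations in 2^n ways before concluding that "!" never fits.
VULNERABLE_TOKEN_LINE = re.compile(r"^(\w+\s?)*$")
# The same language written unambiguously: every \w run is exactly one token
# and a separator is mandatory between tokens, so a failed match backtracks
# linearly in the input length.
SAFE_TOKEN_LINE = re.compile(r"^(\w+(\s\w+)*\s?)?$")


def _match_worker(pattern_text, flags, text, conn):
    """Child-process body: recompile the pattern and report whether it matches."""
    try:
        conn.send(re.compile(pattern_text, flags).match(text) is not None)
    finally:
        conn.close()


def match_with_timeout(pattern, text, timeout=1.0):
    """Run pattern.match(text) in a separate process under a wall-clock limit.

    Returns True/False when the match completes, or None if it ran longer than
    `timeout` seconds (the child is killed). A thread or signal.alarm would not
    do here: CPython's regex engine holds the GIL for the whole match and does
    not check for pending signals, so a runaway match has to be isolated in a
    process the caller can kill.
    """
    methods = multiprocessing.get_all_start_methods()
    ctx = multiprocessing.get_context("fork" if "fork" in methods else "spawn")
    receiver, sender = ctx.Pipe(duplex=False)
    proc = ctx.Process(
        target=_match_worker, args=(pattern.pattern, pattern.flags, text, sender)
    )
    proc.start()
    sender.close()  # only the child writes to the pipe
    proc.join(timeout)
    if proc.is_alive():
        proc.kill()
        proc.join()
        return None
    return receiver.recv() if receiver.poll() else None


def backtracking_probe(pattern, sizes=(8, 16, 32, 64), timeout=1.0):
    """Feed `pattern` near-miss inputs of growing length ("aaa...a!") and return
    the smallest length whose match exceeds `timeout`, or None if every size
    finishes. An exponential pattern blows past the limit within a few
    doublings; a linear one finishes every size in microseconds.
    """
    for n in sizes:
        if match_with_timeout(pattern, "a" * n + "!", timeout) is None:
            return n
    return None


def disagreements(samples):
    """Inputs on which the two patterns differ; empty when they accept the same language."""
    return [
        s
        for s in samples
        if (VULNERABLE_TOKEN_LINE.match(s) is None) != (SAFE_TOKEN_LINE.match(s) is None)
    ]


if __name__ == "__main__":
    # Constructed sample inputs covering the edge cases of the token grammar.
    samples = ["", "a", "a b", "a b ", "ab c", "a  b", " a", "a\tb", "a!"]
    print("patterns disagree on:", disagreements(samples))
    print("vulnerable pattern times out at length:", backtracking_probe(VULNERABLE_TOKEN_LINE))
    print("safe pattern times out at length:", backtracking_probe(SAFE_TOKEN_LINE))
```

Two points worth keeping from this when reviewing a fix: the rewrite must accept exactly the language the original did (hence `disagreements` on a sample set, not just "it still parses my files"), and the probe belongs in the test suite so the nested-quantifier shape cannot creep back in during a later refactor. The process isolation is the defence-in-depth layer for code paths that must parse untrusted text with a regex you do not fully control.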