[Bug 1278323] Re: Infinite loop in XQuery lexer
Marc Deslauriers
marc.deslauriers at canonical.com
Fri May 2 17:06:56 UTC 2014
Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pygments in Ubuntu.
https://bugs.launchpad.net/bugs/1278323
Title:
Infinite loop in XQuery lexer
Status in “pygments” package in Ubuntu:
New
Bug description:
To reproduce:
echo '(#m' | pygmentize -l xqy
This spins CPU up to 100% and does not exit. Web applications that use
pygments to format user-supplied input could therefore be vulnerable
to denial of service.
Bug does not exist in pygments 1.6 installed via pip.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pygments/+bug/1278323/+subscriptions
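The report notes that web applications highlighting user-supplied input could hang on this lexer. The following is an added example, not part of the original message or of pygments itself: it runs the same pygmentize command line in a child process with a wall-clock limit and falls back to escaped plain text. The function names, the allow-list contents and the 2-second limit are assumptions made for illustration.

```python
import html
import subprocess
import sys

# Hypothetical allow-list: never pass a user-chosen lexer name straight to argv.
ALLOWED_LEXERS = {"xqy", "python", "text"}


def run_bounded(argv, data, timeout=2.0):
    """Run argv with `data` on stdin; return stdout, or None on timeout/failure.

    subprocess.run() kills the child when the timeout expires, so a lexer
    stuck in an infinite loop cannot keep a CPU core pinned.
    """
    try:
        proc = subprocess.run(
            argv,
            input=data.encode("utf-8"),
            stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except (subprocess.TimeoutExpired, OSError):
        # OSError also covers the case where the program is not installed.
        return None
    if proc.returncode != 0:
        return None
    return proc.stdout.decode("utf-8", "replace")


def highlight_untrusted(code, lexer_alias, timeout=2.0):
    """Highlight user-supplied code; degrade to escaped plain text on any failure."""
    fallback = "<pre>" + html.escape(code) + "</pre>"
    if lexer_alias not in ALLOWED_LEXERS:
        return fallback
    out = run_bounded(["pygmentize", "-l", lexer_alias, "-f", "html"], code, timeout)
    return fallback if out is None else out


if __name__ == "__main__":
    # Constructed sample: the input from the bug report, sent to the XQuery lexer.
    sys.stdout.write(highlight_untrusted("(#m\n", "xqy"))
```

On an affected pygments version the call returns the escaped fallback after the timeout instead of blocking the request handler.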