Projects
openEuler:22.03:LTS:LoongArch
python-wheel
_service:tar_scm_kernel_repo:CVE-2022-40898.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:CVE-2022-40898.patch of Package python-wheel
From 88f02bc335d5404991e532e7f3b0fc80437bf4e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alex=20Gr=C3=B6nholm?= <alex.gronholm@nextday.fi> Date: Thu, 20 Oct 2022 17:13:23 +0300 Subject: [PATCH] Fixed potential DoS attack via WHEEL_INFO_RE Refer: https://github.com/pypa/wheel/issues/498 --- src/wheel/wheelfile.py | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/wheel/wheelfile.py b/src/wheel/wheelfile.py index a0c9d2a5..b985774e 100644 --- a/src/wheel/wheelfile.py +++ b/src/wheel/wheelfile.py @@ -16,8 +16,8 @@ # Non-greedy matching of an optional build number may be too clever (more # invalid wheel filenames will match). Separate regex for .dist-info? WHEEL_INFO_RE = re.compile( - r"""^(?P<namever>(?P<name>.+?)-(?P<ver>.+?))(-(?P<build>\d[^-]*))? - -(?P<pyver>.+?)-(?P<abi>.+?)-(?P<plat>.+?)\.whl$""", + r"""^(?P<namever>(?P<name>[^-]+?)-(?P<ver>[^-]+?))(-(?P<build>\d[^-]*))? + -(?P<pyver>[^-]+?)-(?P<abi>[^-]+?)-(?P<plat>[^.]+?)\.whl$""", re.VERBOSE)
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.