Format: 1.8
Date: Sat, 21 Dec 2024 17:25:32 +0100
Source: sqlparse
Architecture: source
Version: 0.4.1-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Andrii Senkovych <andrii@senkovych.com>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 994841 1034615 1070148
Changes:
 sqlparse (0.4.1-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2021-32839: StripComments filter contains a regular expression
     that is vulnerable to ReDOS. (Closes: #994841)
   * Fix CVE-2023-30608: Parser contains a regular expression that is
     vulnerable to ReDOS. (Closes: #1034615)
   * Fix CVE-2024-4340: Parsing of heavily nested list leads to Denial of
     Service. (Closes: #1070148)