
0001-SECURITY-Disable-sml-because-of-infinite-loop-DoS-CV.patch

Authored By
Legoktm
Mar 10 2021, 6:26 PM
Size
902 B
Referenced Files
None
Subscribers
None

From 44050dca2ce9425716b956b8cd9502444ce4c3b3 Mon Sep 17 00:00:00 2001
From: Kunal Mehta <legoktm@member.fsf.org>
Date: Wed, 10 Mar 2021 10:24:23 -0800
Subject: [PATCH] SECURITY: Disable "sml" because of infinite loop DoS
(CVE-2021-20270)
It is possible to trigger an infinite loop in "sml", causing a DoS.
SyntaxHighlight will fall back to displaying the code as <pre> formatted
text instead.
Bug: T276843
Change-Id: Iecdcc98d9d2eb838c7192171bca34d79f031213c
---
SyntaxHighlight.lexers.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SyntaxHighlight.lexers.php b/SyntaxHighlight.lexers.php
index f64672e..6f1a67c 100644
--- a/SyntaxHighlight.lexers.php
+++ b/SyntaxHighlight.lexers.php
@@ -572,7 +572,8 @@ return [
'smali',
'smalltalk',
'smarty',
- 'sml',
+ // Disabled because of CVE-2021-20270
+ // 'sml',
'snobol',
'snowball',
'sources.list',
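Review bot: The comment added above `// 'sml',` names only the CVE, so nothing in the file tells a later reader when the entry can be restored. Suggest extending it with the task from the commit message (T276843) and the condition for re-enabling, for example "re-enable once the highlighter in use no longer loops on this input". If this list is ever regenerated rather than hand-maintained, the manual edit would be silently undone, so the exclusion should also be recorded wherever the list is produced. Since the commit message relies on the fallback to <pre> output, a test asserting that a block tagged `sml` renders as plain <pre> text would keep that behaviour from regressing.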
--
2.29.2

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
8917941
Default Alt Text
0001-SECURITY-Disable-sml-because-of-infinite-loop-DoS-CV.patch (902 B)
