F34150046
0001-SECURITY-Disable-sml-because-of-infinite-loop-DoS-CV.patch
Legoktm (Legoktm)
Authored By
Legoktm
Mar 10 2021, 6:26 PM
2021-03-10 18:26:45 (UTC+0)
Size
902 B
From 44050dca2ce9425716b956b8cd9502444ce4c3b3 Mon Sep 17 00:00:00 2001
From: Kunal Mehta <legoktm@member.fsf.org>
Date: Wed, 10 Mar 2021 10:24:23 -0800
Subject: [PATCH] SECURITY: Disable "sml" because of infinite loop DoS
(CVE-2021-20270)
It is possible to trigger an infinite loop in "sml", causing a DoS.
SyntaxHighlight will fall back to displaying the code as <pre> formatted
text instead.
Bug: T276843
Change-Id: Iecdcc98d9d2eb838c7192171bca34d79f031213c
---
SyntaxHighlight.lexers.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/SyntaxHighlight.lexers.php b/SyntaxHighlight.lexers.php
index f64672e..6f1a67c 100644
--- a/SyntaxHighlight.lexers.php
+++ b/SyntaxHighlight.lexers.php
@@ -572,7 +572,8 @@ return [
'smali',
'smalltalk',
'smarty',
- 'sml',
+ // Disabled because of CVE-2021-20270
+ // 'sml',
'snobol',
'snowball',
'sources.list',
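Review bot: The comment added above the commented-out 'sml' entry names only the CVE; it should also cite the tracking task from the commit message (T276843) and state when the lexer can be restored, for example "// Disabled because of CVE-2021-20270 (T276843); re-enable once the bundled Pygments is fixed", so the entry is neither forgotten nor restored early. If this lexer list is ever regenerated from the bundled lexer set, 'sml' would reappear unless the exclusion is also recorded wherever the list is produced, so that is worth confirming before merge.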
--
2.29.2
Mime Type
text/x-diff
Attached To
T276843: Bundled pygments in REL1_31 / REL1_35 vulnerable to CVE-2021-20270 and CVE-2021-27291