Setuptools: Denial of Service — GLSA 202405-10

A vulnerability has been discovered in Setuptools, which can lead to denial of service.

Affected packages

dev-python/setuptools on all architectures
Affected versions < 65.5.1
Unaffected versions >= 65.5.1

Background

Setuptools is a manager for Python packages.

Description

A vulnerability has been discovered in Setuptools. See the impact field.

Impact

An inefficiency in a regular expression may result in a denial of service if a user fetches malicious HTML from a package in PyPI or a custom PackageIndex page.

Workaround

There is no known workaround at this time.

Resolution

All Setuptools users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-python/setuptools-65.5.1"
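
One way to confirm the upgrade took effect, as an added example that is not part of the GLSA or of Setuptools: it lists every setuptools copy visible on the given import paths and flags versions below 65.5.1, the threshold from the "Affected packages" section. The function names and the default of scanning `sys.path` are assumptions of this example.

```python
import sys
from importlib import metadata
from itertools import takewhile

FIXED = (65, 5, 1)  # first unaffected version per this advisory


def release_tuple(version):
    """Numeric release segment of a version string, e.g. '65.5.0+x' -> (65, 5, 0)."""
    parts = []
    for seg in version.strip().split("."):
        digits = "".join(takewhile(lambda c: c in "0123456789", seg))
        if not digits:
            break
        parts.append(int(digits))
        if digits != seg:  # a suffix such as 'rc1' or '+local' ends the release part
            break
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(parts)


def is_affected(version):
    """True when the release is below 65.5.1 (suffixes are ignored)."""
    return release_tuple(version) < FIXED


def audit(paths=None):
    """Return (location, version, affected) for each setuptools found on paths."""
    search = list(paths) if paths is not None else sys.path
    findings = []
    for dist in metadata.distributions(name="setuptools", path=search):
        version = dist.version
        findings.append((str(dist.locate_file("")), version, is_affected(version)))
    return findings


if __name__ == "__main__":
    results = audit()
    for location, version, affected in results:
        print(f"{'AFFECTED' if affected else 'ok':8}  setuptools {version}  {location}")
    # Non-zero exit status lets a cron job or CI step fail on a stale copy.
    sys.exit(1 if any(r[2] for r in results) else 0)
```

Run it with each interpreter or virtual environment you want checked, since it only sees that interpreter's import paths.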
 

References

Release date
May 05, 2024

Latest revision
May 05, 2024: 1

Severity
normal

Exploitable
remote

Bugzilla entries