Bugzilla – Bug 1123996
VUL-1: CVE-2017-18361: python-colander: The URL validator allows an attacker to potentially cause DOS
Last modified: 2021-01-27 10:40:50 UTC
In Pylons Colander through 1.6, the URL validator allows an attacker to
potentially cause an infinite loop thereby causing a denial of service via an
Factory currently has version 1.4 which is also affected.
Fixed in 1.7.0, which is currently on the way to Factory, and Leap 15.1:Update should feed from Factory as well.
To be exact: https://build.opensuse.org/request/show/672756
Leap 15.1 is still at version 1.4, which is tracked as vulnerable.
https://build.opensuse.org/request/show/765544 should bring the correct *.changes to Factory, and when it is accepted, I will send a request to openSUSE:Leap:15.1 as well.
https://build.opensuse.org/request/show/765651 should be the solution for this bug.
Leap 15.2 is fixed. Leap 15.1 is not. Leap 15.1 enters EOL in the next few days. Closing.