Debian Mako vulnerabilities
2 known vulnerabilities affecting debian/mako.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, LOW 1
Vulnerabilities
CVE-2022-40023 | HIGH | CVSS 7.5 | fixed in mako 1.2.2+ds1-1 (bookworm) | 2022
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
Scope: local
bookworm: resolved (fixed in 1.2.2+ds1-1)
bullseye: resolved (fixed in 1.1.3+ds1-2+deb11u1)
forky: resolved (fixed in 1.2.2+ds1-1)
sid: resolved (fixed in 1.2.2+ds1-1)
trixie: resolved (fixe
debian
CVE-2010-2480 | LOW | CVSS 4.3 | fixed in mako 0.3.4-1 (bookworm) | 2010
CVE-2010-2480 [MEDIUM] CVE-2010-2480: mako - Mako before 0.3.4 relies on the cgi.escape function in the Python standard libra...
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
Scope: local
bookworm: resolved (fixed in 0.3.4-1)
bullseye: resolved (fixe
debian