It was discovered that ConfigObj contains regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a regular expression denial of service.
{ "binaries": [ { "binary_version": "5.0.6-2ubuntu0.16.04.1~esm1", "binary_name": "python-configobj" }, { "binary_version": "5.0.6-2ubuntu0.16.04.1~esm1", "binary_name": "python3-configobj" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }
{ "binaries": [ { "binary_version": "5.0.6-2ubuntu0.18.04.1~esm1", "binary_name": "python-configobj" }, { "binary_version": "5.0.6-2ubuntu0.18.04.1~esm1", "binary_name": "python3-configobj" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro" }
{ "binaries": [ { "binary_version": "5.0.6-4ubuntu0.1", "binary_name": "python3-configobj" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "5.0.6-5ubuntu0.1", "binary_name": "python3-configobj" } ], "availability": "No subscription required" }