Hi,

I'm introducing python-cleo 1.0.0a5, which has this vulnerability. I need it for the new upstream release of poetry (1.2.2). But I applied a patch from upstream to fix this issue [0].
There's a new upstream release of cleo, 2.0.1, but this breaks poetry [1]. So, we need to wait for a new upstream release of poetry before packaging version 2.*.* of cleo.
[0] https://salsa.debian.org/python-team/packages/python-cleo/-/blob/debian/master/debian/patches/0001-change_regex_string_to_less_permissive_one.patch
[1] https://github.com/python-poetry/cleo/blob/main/CHANGELOG.md

Cheers,
Emmanuel