python · Pixmew · Nov 5, 2020 · Nov 5, 2020 · Nov 6, 2020 · Nov 6, 2020
diff --git a/Misc/NEWS.d/next/Tools-Demos/2020-11-06-09-12-13.bpo-41712.WOEkdm.rst b/Misc/NEWS.d/next/Tools-Demos/2020-11-06-09-12-13.bpo-41712.WOEkdm.rst
@@ -0,0 +1 @@
+A regex pattern in the purge script (which is only used internally for creating Windows installers) was vulnerable to regex denial of service.The pattern was changed to fix this.
diff --git a/Tools/msi/purge.py b/Tools/msi/purge.py
@@ -12,7 +12,7 @@
 
 from urllib.request import *
 
-VERSION_RE = re.compile(r'(\d+\.\d+\.\d+)(\w+\d+)?$')
+VERSION_RE = re.compile(r'(\d+\.\d+\.\d+)([A-Za-z_]+\d+)?$')
 
 try:
     m = VERSION_RE.match(sys.argv[1])
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		A regex pattern in the purge script (which is only used internally for creating Windows installers) was vulnerable to regex denial of service.The pattern was changed to fix this.