Open bwbroersma opened 2 weeks ago
Maybe you can publish https://github.com/SecurityInnovation/PGPy/pull/467/commits/09014c72b4557dd1254cf68a32e50f78515f5f32 on PyPI (under a new name, e.g. PGPy-gh467) and use that as a requirement, so the version from PyPI is not vulnerable?
Or, remove the pgpy dependency completely and issue a new release. The current version of sectxt on PyPI is now vulnerable to a trivial DoS that has been easily triggered by accident and is publicly documented.