Version in base suite: 2022.11.7+dfsg1-11+deb12u1 Base version: pymatgen_2022.11.7+dfsg1-11+deb12u1 Target version: pymatgen_2022.11.7+dfsg1-11+deb12u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/pymatgen/pymatgen_2022.11.7+dfsg1-11+deb12u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/p/pymatgen/pymatgen_2022.11.7+dfsg1-11+deb12u2.dsc changelog | 9 +++++++++ patches/CVE-2022-42964.patch | 24 ++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 34 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpn45b6cg4/pymatgen_2022.11.7+dfsg1-11+deb12u1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpn45b6cg4/pymatgen_2022.11.7+dfsg1-11+deb12u2.dsc: no acceptable signature found
diff -Nru pymatgen-2022.11.7+dfsg1/debian/changelog pymatgen-2022.11.7+dfsg1/debian/changelog
--- pymatgen-2022.11.7+dfsg1/debian/changelog 2024-08-28 13:15:13.000000000 +0000
+++ pymatgen-2022.11.7+dfsg1/debian/changelog 2026-05-27 11:45:16.000000000 +0000
@@ -1,3 +1,12 @@
+pymatgen (2022.11.7+dfsg1-11+deb12u2) bookworm; urgency=medium
+
+ * Team upload.
+ * d/patches:
+ - CVE-2022-42964: Import and backport patch (Closes: #1024017)
+ (Fix exponential ReDoS in GaussianInput.from_string method)
+
+ -- Matheus Polkorny Wed, 27 May 2026 08:45:16 -0300
+
 pymatgen (2022.11.7+dfsg1-11+deb12u1) bookworm-security; urgency=medium

 * CVE-2024-23346 (Closes: #1064514)
diff -Nru pymatgen-2022.11.7+dfsg1/debian/patches/CVE-2022-42964.patch pymatgen-2022.11.7+dfsg1/debian/patches/CVE-2022-42964.patch
--- pymatgen-2022.11.7+dfsg1/debian/patches/CVE-2022-42964.patch 1970-01-01 00:00:00.000000000 +0000
+++ pymatgen-2022.11.7+dfsg1/debian/patches/CVE-2022-42964.patch 2026-05-27 11:45:16.000000000 +0000
@@ -0,0 +1,24 @@
+From: Luis Barroso-Luque
+Date: Tue, 12 Aug 2025 17:03:47 -0700
+Subject: patch ReDOS vulnerability:
+ https://salsa.debian.org/debichem-team/pymatgen/-/commit/dcba4226dfc59789070bd1f7aa40b953e7722651
+ (#4476)
+
+Origin: upstream, https://github.com/materialsproject/pymatgen/commit/0f5c4af439817a7742dc2d4608357cc252f655f8
+---
+ pymatgen/io/gaussian.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pymatgen/io/gaussian.py b/pymatgen/io/gaussian.py
+index c17bdbc..76fbae8 100644
+--- a/pymatgen/io/gaussian.py
++++ b/pymatgen/io/gaussian.py
+@@ -90,7 +90,7 @@ class GaussianInput:
+ """
+
+ # Commonly used regex patterns
+- _zmat_patt = re.compile(r"^(\w+)*([\s,]+(\w+)[\s,]+(\w+))*[\-\.\s,\w]*$")
++ _zmat_patt = re.compile(r"^(\w+)([\s,]+(\w+)[\s,]+(\w+)){0,3}[\-\.\s,\w]*$")
+ _xyz_patt = re.compile(r"^(\w+)[\s,]+([\d\.eE\-]+)[\s,]+([\d\.eE\-]+)[\s,]+" r"([\d\.eE\-]+)[\-\.\s,\w.]*$")
+
+ def __init__(
diff -Nru pymatgen-2022.11.7+dfsg1/debian/patches/series pymatgen-2022.11.7+dfsg1/debian/patches/series
--- pymatgen-2022.11.7+dfsg1/debian/patches/series 2024-04-05 13:51:58.000000000 +0000
+++ pymatgen-2022.11.7+dfsg1/debian/patches/series 2026-05-27 11:45:16.000000000 +0000
@@ -12,3 +12,4 @@
 stress_fp_approx_2839.patch
 no_mp_api.patch
 CVE-2024-23346.patch
+CVE-2022-42964.patch
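Review bot: The rewritten `_zmat_patt` in `debian/patches/CVE-2022-42964.patch` changes which lines match, not only how quickly they fail, and the imported patch touches a single line of `pymatgen/io/gaussian.py` without a regression test. `(\w+)*` became a mandatory `(\w+)`, so a line that is empty or begins with a separator no longer matches, and the pair group is capped at `{0,3}`; whether `GaussianInput.from_string` (named in the changelog, its body is outside this hunk) strips lines before matching is not visible here. The trailing `[\-\.\s,\w]*` still overlaps the leading `\w+`, so a long non-matching line probably still costs quadratic rather than linear time, which argues for a length cap on untrusted input or at least a note in the patch header. I would add above the pattern `# {0,3}: bounded on purpose (CVE-2022-42964); the first token is now required`, plus an autopkgtest or upstream test that parses a known Z-matrix input and asserts that a long malformed line returns promptly.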