#16042: CVE-2013-1752: Limit amount of data read by limiting the call to readline(). The SSLFakeFile.readline() method needs to support limiting readline() as well. It's not a full emulation of readline()'s signature, but this class is only used by smtplib's code, so it doesn't have to be. Modified version of original patch by Christian Heimes.

commit: 503baf9ecd2cc5fb0bb85cec99c300862c02de85 [log] [tgz]
author: Andrew Kuchling <amk@amk.ca> Sun Sep 15 13:11:47 2013 -0400
committer: Andrew Kuchling <amk@amk.ca> Sun Sep 15 13:11:47 2013 -0400
tree: 8817cfd798230c1c1ad0aa5d8c5a4ba2e6bc7f32
parent: ed9884b2d0d5f1d4b1a8b252c4cd702095e0fc23 [diff] [blame]
diff --git a/Misc/NEWS b/Misc/NEWS
index 790dc58..de8c202 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -16,13 +16,16 @@
 - Issue #16248: Disable code execution from the user's home directory by
   tkinter when the -E flag is passed to Python.  Patch by Zachary Ware.
 
+- Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
+  limiting the call to readline().  Original patch by Christian Heimes.
+
 Extension Modules
 -----------------
 
 - Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
   inside subjectAltName correctly. Formerly the module has used OpenSSL's
   GENERAL_NAME_print() function to get the string represention of ASN.1
-  strings for `rfc822Name` (email), `dNSName` (DNS) and 
+  strings for `rfc822Name` (email), `dNSName` (DNS) and
   `uniformResourceIdentifier` (URI).
commit	503baf9ecd2cc5fb0bb85cec99c300862c02de85	[log] [tgz]
author	Andrew Kuchling <amk@amk.ca>	Sun Sep 15 13:11:47 2013 -0400
committer	Andrew Kuchling <amk@amk.ca>	Sun Sep 15 13:11:47 2013 -0400
tree	8817cfd798230c1c1ad0aa5d8c5a4ba2e6bc7f32
parent	ed9884b2d0d5f1d4b1a8b252c4cd702095e0fc23 [diff] [blame]