commit | 9e8f523c5b1c354097753084054eadf14d33238d | |
---|---|---|
author | Benjamin Peterson <benjamin@python.org> | Fri Dec 05 20:15:15 2014 -0500 |
committer | Benjamin Peterson <benjamin@python.org> | Fri Dec 05 20:15:15 2014 -0500 |
tree | a65f62b77289aeb0a215caeb2422fb8c0a4266f8 | |
parent | dabfc56b57f5086eb5522d8e6cd7670c62d2482d | |
add a default limit for the amount of data xmlrpclib.gzip_decode will return (closes #16043)
diff --git a/Misc/NEWS b/Misc/NEWS index ff68b45..dea29e3 100644 --- a/Misc/NEWS +++ b/Misc/NEWS
@@ -10,6 +10,9 @@ Library ------- +- Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode + will return. This resolves CVE-2013-1753. + - Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by limiting the call to readline(). Original patch by Christian Heimes.
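Review bot: The Misc/NEWS entry added for Issue #16043 says a default limit now applies to what xmlrpclib.gzip_decode returns, but it gives neither the size of that limit nor what happens when decoded data exceeds it, and it does not say how a caller can change the limit. This is a behaviour change for existing callers that legitimately receive large gzip-encoded payloads, so the entry should state the default size, how to override it, and the error a caller will see on overflow. As a style point, the new entry puts the CVE id at the end ("This resolves CVE-2013-1753.") while the adjacent #16042 entry puts it first ("Issue #16042: CVE-2013-1752: smtplib: ..."); using one form for both makes the security fixes easier to search for in NEWS.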