Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using...

author Antoine Pitrou <solipsis@pitrou.net>

Sat, 18 May 2013 15:59:12 +0000 (17:59 +0200)

committer Antoine Pitrou <solipsis@pitrou.net>

Sat, 18 May 2013 15:59:12 +0000 (17:59 +0200)
author Antoine Pitrou <solipsis@pitrou.net>
Sat, 18 May 2013 15:59:12 +0000 (17:59 +0200)
committer Antoine Pitrou <solipsis@pitrou.net>
Sat, 18 May 2013 15:59:12 +0000 (17:59 +0200)
diff --cc Lib/ssl.py
Simple merge
diff --cc Lib/test/test_ssl.py
Simple merge
diff --cc Misc/NEWS

index 68902e5c1fe008d46c2533ecbe21a13af1278c28,1a516b77396067ab7a324ab6a3dc79e324f40b90..2bc763f99aa5d6d335aaa6abbeb6adbee591d83b
--- 1/Misc/NEWS
--- 2/Misc/NEWS
+++ b/Misc/NEWS
@@@ -94,21 -87,6 +94,24 @@@ Core and Builtin
   Library
   -------
   
++- Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of
++  service using certificates with many wildcards (CVE-2013-2099).
++
+ +- Issue #15758: Fix FileIO.readall() so it no longer has O(n**2) complexity.
+ +
+ +- Issue #14596: The struct.Struct() objects now use more compact implementation.
+ +
+ +- Issue #17981: Closed socket on error in SysLogHandler.
+ +
+ +- Issue #17964: Fix os.sysconf(): the return type of the C sysconf() function
+ +  is long, not int.
+ +
+ +- Fix typos in the multiprocessing module.
+ +
+ +- Issue #17754: Make ctypes.util.find_library() independent of the locale.
+ +
+ +- Issue #17968: Fix memory leak in os.listxattr().
+ +
   - Issue #17606: Fixed support of encoded byte strings in the XMLGenerator
     characters() and ignorableWhitespace() methods.  Original patch by Sebastian
     Ortiz Vasquez.
author	Antoine Pitrou <solipsis@pitrou.net>
	Sat, 18 May 2013 15:59:12 +0000 (17:59 +0200)
committer	Antoine Pitrou <solipsis@pitrou.net>
	Sat, 18 May 2013 15:59:12 +0000 (17:59 +0200)
		1	2
Lib/ssl.py	patch \|	diff1 \|	diff2 \|	blob \| history
Lib/test/test_ssl.py	patch \|	diff1 \|	diff2 \|	blob \| history
Misc/NEWS	patch \|	diff1 \|	diff2 \|	blob \| history