Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer

author Charles-François Natali <neologix@free.fr>

Sat, 18 Feb 2012 14:02:10 +0000 (15:02 +0100)

committer Charles-François Natali <neologix@free.fr>

Sat, 18 Feb 2012 14:02:10 +0000 (15:02 +0100)
author Charles-François Natali <neologix@free.fr>
Sat, 18 Feb 2012 14:02:10 +0000 (15:02 +0100)
committer Charles-François Natali <neologix@free.fr>
Sat, 18 Feb 2012 14:02:10 +0000 (15:02 +0100)
diff --cc Lib/test/test_xmlrpc.py
Simple merge
diff --cc Lib/xmlrpc/server.py
Simple merge
diff --cc Misc/NEWS

index 10862e416382b542f4bc789916e8a56a6fe9f831,b9cd7644aa96373323b0cd9beba07805b4d5b3f5..1da9d8afe8594a0505253d2e3a3613ccde4bdab4
--- 1/Misc/NEWS
--- 2/Misc/NEWS
+++ b/Misc/NEWS
@@@ -466,11 -116,9 +466,14 @@@ Core and Builtin
   Library
   -------
   
+ - Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
+   SimpleXMLRPCServer upon malformed POST request.
+ 
+ +- Issue #13961: Move importlib over to using os.replace() for atomic renaming.
+ +
+ +- Do away with ambiguous level values (as suggested by PEP 328) in
+ +  importlib.__import__() by raising ValueError when level < 0.
+ +
   - Issue #2489: pty.spawn could consume 100% cpu when it encountered an EOF.
   
   - Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().
author	Charles-François Natali <neologix@free.fr>
	Sat, 18 Feb 2012 14:02:10 +0000 (15:02 +0100)
committer	Charles-François Natali <neologix@free.fr>
	Sat, 18 Feb 2012 14:02:10 +0000 (15:02 +0100)
		1	2
Lib/test/test_xmlrpc.py	patch \|	diff1 \|	diff2 \|	blob \| history
Lib/xmlrpc/server.py	patch \|	diff1 \|	diff2 \|	blob \| history
Misc/NEWS	patch \|	diff1 \|	diff2 \|	blob \| history