From: Barry Warsaw Date: Mon, 30 Sep 2013 23:09:29 +0000 (-0400) Subject: - Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to X-Git-Tag: v2.7.6rc1~122 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d5849f545e0de0b4576cbc7b856adc9b0c7e1be8;p=python - Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to prevent readline() calls from consuming too much memory. Patch by Jyrki Pulliainen. --- d5849f545e0de0b4576cbc7b856adc9b0c7e1be8 diff --cc Misc/NEWS index 54753cd923,dc1dd4b991..191a87e100 --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -9,49 -10,29 +9,53 @@@ What's New in Python 2.7.6 Core and Builtins ----------------- -Library -------- +- Issue #13461: Fix a crash in the "replace" error handler on 64-bit platforms. + Patch by Yogesh Chaudhari. -- Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by - limiting the call to readline(). Original patch by Christian Heimes. +- Issue #15866: The xmlcharrefreplace error handler no more produces two XML + entities for a non-BMP character on narrow build. -- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to - prevent readline() calls from consuming too much memory. Patch by Jyrki - Pulliainen. +- Issue #18184: PyUnicode_FromFormat() and PyUnicode_FromFormatV() now raise + OverflowError when an argument of %c format is out of range. + +- Issue #18137: Detect integer overflow on precision in float.__format__() + and complex.__format__(). + +- Issue #18038: SyntaxError raised during compilation sources with illegal + encoding now always contains an encoding name. + +- Issue #18019: Fix crash in the repr of dictionaries containing their own + views. + +- Issue #18427: str.replace could crash the interpreter with huge strings. + +Library +------- + - Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to + prevent readline() calls from consuming too much memory. Patch by Jyrki + Pulliainen. 
+ -- Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to - limit line length. Patch by Emil Lind. +- Issue #12641: Avoid passing "-mno-cygwin" to the mingw32 compiler, except + when necessary. Patch by Oscar Benjamin. + +- Properly initialize all fields of a SSL object after allocation. + +- Issue #4366: Fix building extensions on all platforms when --enable-shared + is used. -- Issue #16038: CVE-2013-1752: ftplib: Limit amount of data read by - limiting the call to readline(). Original patch by Michał - Jastrzębski and Giampaolo Rodola. +- Issue #18950: Fix miscellaneous bugs in the sunau module. + Au_read.readframes() now updates current file position and reads correct + number of frames from multichannel stream. Au_write.writeframesraw() now + correctly updates current file position. Au_read and Au_write now correctly + work with file object if start file position is not a zero. -- Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more - than 100 headers are read. Adapted from patch by Jyrki Pulliainen. +- Issue #18050: Fixed an incompatibility of the re module with Python 2.7.3 + and older binaries. + +- Issue #19037: The mailbox module now makes all changes to maildir files + before moving them into place, to avoid race conditions with other programs + that may be accessing the maildir directory. - Issue #14984: On POSIX systems, when netrc is called without a filename argument (and therefore is reading the user's $HOME/.netrc file), it now
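Review bot: In the Library section of Misc/NEWS, the merge result carries over only the nntplib entry (Issue #16040), while the sibling entries on the `-` lines (#16042 smtplib, #16041 poplib, #16039 imaplib, #16038 ftplib, and #16037 HTTPMessage.readheaders()) are dropped in this hunk. Please confirm that each of those is already recorded elsewhere in the 2.7 NEWS file, so that the CVE-2013-1752 fixes are documented consistently for this release and the conflict resolution did not lose any of them. It would also help if the #16040 entry said how an over-long line is reported to the caller once the 2048 limit is hit, the way the #16037 entry names the HTTPException raised after 100 headers; as written, the entry gives the limit but not the failure behaviour a user of nntplib should expect.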