~ubuntu-branches/ubuntu/precise/python3.2/precise-security

Viewing all changes in revision 40.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-06-18 14:42:39 UTC
  • Revision ID: package-import@ubuntu.com-20150618144239-i5ewu8oaq6uqslew
Tags: 3.2.3-0ubuntu3.7
* SECURITY UPDATE: denial of service in multiple servers
  - debian/patches/CVE-2013-1752-ftplib.patch: limit amount of data read
    in Lib/ftplib.py, added test to Lib/test/test_ftplib.py.
  - debian/patches/CVE-2013-1752-httplib.patch: limit long lines in
    Lib/http/client.py, added test to Lib/test/test_httplib.py.
  - debian/patches/CVE-2013-1752-imaplib.patch: limit line length in
    Lib/imaplib.py, added test to Lib/test/test_imaplib.py.
  - debian/patches/CVE-2013-1752-nntplib.patch: limit line length in
    Lib/nntplib.py, added test to Lib/test/test_nntplib.py.
  - debian/patches/CVE-2013-1752-poplib.patch: limit maximum line length
    in Lib/poplib.py, added test to Lib/test/test_poplib.py.
  - debian/patches/CVE-2013-1752-smtplib.patch: limit amount read from
    the network in Lib/smtplib.py, added test to
    Lib/test/test_smtplib.py, fix Lib/test/mock_socket.py.
  - CVE-2013-1752
* SECURITY UPDATE: denial of service via xmlrpc gzip-compressed
  HTTP bodies
  - debian/patches/CVE-2013-1753.patch: add default limit in
    Lib/xmlrpc/client.py, added test to Lib/test/test_xmlrpc.py.
  - CVE-2013-1753
* SECURITY UPDATE: arbitrary memory read via idx argument
  - debian/patches/CVE-2014-4616.patch: reject negative idx values in
    Modules/_json.c, added test to Lib/test/json_tests/test_decode.py.
  - CVE-2014-4616
* SECURITY UPDATE: code execution or file disclosure via CGIHTTPServer
  - debian/patches/CVE-2014-4650.patch: url unquote path in
    Lib/http/server.py, added test to Lib/test/test_httpservers.py.
  - CVE-2014-4650

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: