author Antoine Pitrou <solipsis@pitrou.net> 2015-04-10 22:31:01 (GMT)
committer Antoine Pitrou <solipsis@pitrou.net> 2015-04-10 22:31:01 (GMT)
commit 2dbc6e6bce0a29757acddd8000d55f7c844295a2 (patch)
tree f1510e3a93b2527308dd6400a8b0544607e072db /Misc
parent 2ce11d296cee8d71d2bf2451c7dba4ffa119d9d3 (diff)
Issue #23529: Limit the size of decompressed data when reading from
GzipFile, BZ2File or LZMAFile. This defeats denial of service attacks using compressed bombs (i.e. compressed payloads which decompress to a huge size). Patch by Martin Panter and Nikolaus Rath.
Diffstat (limited to 'Misc')
-rw-r--r-- Misc/NEWS 5
1 files changed, 5 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index cee7db8..ad28737 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -19,6 +19,11 @@ Core and Builtins
Library
-------
+- Issue #23529: Limit the size of decompressed data when reading from
+ GzipFile, BZ2File or LZMAFile. This defeats denial of service attacks
+ using compressed bombs (i.e. compressed payloads which decompress to a huge
+ size). Patch by Martin Panter and Nikolaus Rath.
+
- Issue #21859: Added Python implementation of io.FileIO.
- Issue #23865: close() methods in multiple modules now are idempotent and more
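Review bot: The added Library entry says decompressed size is limited "when reading from GzipFile, BZ2File or LZMAFile" but does not say which read calls are bounded or what sets the bound. A reader handling untrusted archives cannot tell from this wording whether a read with no size argument is still able to expand the whole payload into memory, so the entry should state the condition under which the limit applies (for example, that it is tied to the size requested by the caller, if that is the case). As a smaller wording point, "compressed bombs" would be clearer as "decompression bombs", which is the term people search for.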