#16042: CVE-2013-1752: smtplib fix for unlimited readline() from socket

author: Georg Brandl <georg@python.org> 2014-01-25 08:02:18 (GMT)
committer: Georg Brandl <georg@python.org> 2014-01-25 08:02:18 (GMT)
commit: c11435399e7af8317e5a51642ee665347da2b97f (patch)
tree: 45a63ff03df5fda7b9e3c697331165ea5b22bbc0 /Misc
parent: f580d5b6f7468abf768a2ee6360168ad92893457 (diff)
download: cpython-c11435399e7af8317e5a51642ee665347da2b97f.zip
cpython-c11435399e7af8317e5a51642ee665347da2b97f.tar.gz
cpython-c11435399e7af8317e5a51642ee665347da2b97f.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 2de9b31..cac7561 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -50,6 +50,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
+  limiting the call to readline().  Original patch by Christian Heimes.
+
 - Issue #20317: ExitStack.__exit__ could create a self-referential loop if an
   exception raised by a cleanup operation already had its context set
   correctly (for example, by the @contextmanager decorator). The infinite
author	Georg Brandl <georg@python.org>	2014-01-25 08:02:18 (GMT)
committer	Georg Brandl <georg@python.org>	2014-01-25 08:02:18 (GMT)
commit	c11435399e7af8317e5a51642ee665347da2b97f (patch)
tree	45a63ff03df5fda7b9e3c697331165ea5b22bbc0 /Misc
parent	f580d5b6f7468abf768a2ee6360168ad92893457 (diff)
download	cpython-c11435399e7af8317e5a51642ee665347da2b97f.zip cpython-c11435399e7af8317e5a51642ee665347da2b97f.tar.gz cpython-c11435399e7af8317e5a51642ee665347da2b97f.tar.bz2