add a default limit for the amount of data xmlrpclib.gzip_decode will return (closes #16043)

author: Benjamin Peterson <benjamin@python.org> 2014-12-06 01:15:15 (GMT)
committer: Benjamin Peterson <benjamin@python.org> 2014-12-06 01:15:15 (GMT)
commit: 4e9cefaf86035f8014e09049328d197b6506532f (patch)
tree: ddbd8877138fec984a96531571b870f996ed37d0 /Misc
parent: 258f3f0dc23c7721c7a9314d9aa47fa3504b3c52 (diff)
download: cpython-4e9cefaf86035f8014e09049328d197b6506532f.zip
cpython-4e9cefaf86035f8014e09049328d197b6506532f.tar.gz
cpython-4e9cefaf86035f8014e09049328d197b6506532f.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index fc53c0f..3cff3cd 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -16,6 +16,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode
+  will return. This resolves CVE-2013-1753.
+
 - Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
   prevent readline() calls from consuming too much memory.  Patch by Jyrki
   Pulliainen.
author	Benjamin Peterson <benjamin@python.org>	2014-12-06 01:15:15 (GMT)
committer	Benjamin Peterson <benjamin@python.org>	2014-12-06 01:15:15 (GMT)
commit	4e9cefaf86035f8014e09049328d197b6506532f (patch)
tree	ddbd8877138fec984a96531571b870f996ed37d0 /Misc
parent	258f3f0dc23c7721c7a9314d9aa47fa3504b3c52 (diff)
download	cpython-4e9cefaf86035f8014e09049328d197b6506532f.zip cpython-4e9cefaf86035f8014e09049328d197b6506532f.tar.gz cpython-4e9cefaf86035f8014e09049328d197b6506532f.tar.bz2