blob: ceeaeb19672f474bfdf4d400f4cc12a1f34a8863 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
$NetBSD: patch-Misc_NEWS,v 1.4 2014/07/02 08:22:02 he Exp $
Note added fixes.
--- Misc/NEWS.orig 2014-05-31 18:58:39.000000000 +0000
+++ Misc/NEWS
@@ -63,6 +63,9 @@ Core and Builtins
Library
-------
+- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
+ before checking for a CGI script at that path.
+
- Issue #10744: Fix PEP 3118 format strings on ctypes objects with a nontrivial
shape.
@@ -585,6 +588,13 @@ Library
prevent readline() calls from consuming too much memory. Patch by Jyrki
Pulliainen.
+- Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
+ prevent readline() calls from consuming too much memory. Patch by Jyrki
+ Pulliainen.
+
+- Issue #16042: CVE-2013-1752: smtplib: Limit amount of data read by
+ limiting the call to readline(). Original patch by Christian Heimes.
+
- Issue #12641: Avoid passing "-mno-cygwin" to the mingw32 compiler, except
when necessary. Patch by Oscar Benjamin.
|