1. 07 Mar, 2018 1 kayıt (commit)
  2. 06 Mar, 2018 1 kayıt (commit)
  3. 05 Mar, 2018 2 kayıt (commit)
  4. 04 Mar, 2018 2 kayıt (commit)
    • Miss Islington (bot)'s avatar
    • Benjamin Peterson's avatar
      [3.6] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) · c9516754
      Benjamin Peterson yazdı
      * Prevent low-grade poplib REDOS (CVE-2018-1060)
      
      The regex to test a mail server's timestamp is susceptible to
      catastrophic backtracking on long evil responses from the server.
      
      Happily, the maximum length of malicious inputs is 2K thanks
      to a limit introduced in the fix for CVE-2013-1752.
      
      A 2KB evil response from the mail server would result in small slowdowns
      (milliseconds vs. microseconds) accumulated over many apop calls.
      This is a potential DOS vector via accumulated slowdowns.
      
      Replace it with a similar non-vulnerable regex.
      
      The new regex is RFC compliant.
      The old regex was non-compliant in edge cases.
      
      * Prevent difflib REDOS (CVE-2018-1061)
      
      The default regex for IS_LINE_JUNK is susceptible to
      catastrophic backtracking.
      This is a potential DOS vector.
      
      Replace it with an equivalent non-vulnerable regex.
      
      Also introduce unit and REDOS tests for difflib.
      Co-authored-by: 's avatarTim Peters <tim.peters@gmail.com>
      Co-authored-by: Christian Heimes <christian@python.org>.
      (cherry picked from commit 0e6c8ee2)
      c9516754
  5. 03 Mar, 2018 2 kayıt (commit)
  6. 01 Mar, 2018 1 kayıt (commit)
  7. 28 Şub, 2018 2 kayıt (commit)
  8. 27 Şub, 2018 2 kayıt (commit)
  9. 26 Şub, 2018 5 kayıt (commit)
  10. 25 Şub, 2018 8 kayıt (commit)
  11. 24 Şub, 2018 3 kayıt (commit)
  12. 23 Şub, 2018 3 kayıt (commit)
  13. 22 Şub, 2018 4 kayıt (commit)
  14. 21 Şub, 2018 4 kayıt (commit)