ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-11-14 10:55:23 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
guix/gnu/packages/patches/python2-CVE-2018-1060.patch
Marius Bakke a55ebe2e3a
gnu: python2: Add upstream security fixes. 
This addresses CVE-2018-{1060,1061,14647,1000802}.

* gnu/packages/patches/python2-CVE-2018-1000802.patch,
gnu/packages/patches/python2-CVE-2018-1060.patch,
gnu/packages/patches/python2-CVE-2018-1061.patch,
gnu/packages/patches/python2-CVE-2018-14647.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/python.scm (python-2/fixed): New variable.
(python-2.7)[replacement]: New field.
(python2-minimal): Use PACKAGE/INHERIT.
2018-10-17 20:34:37 +02:00

20 lines
593 B
Diff
Raw Blame History

Fix CVE-2018-1060:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060
Taken from upstream commit (sans test and NEWS):
https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2
diff --git a/Lib/poplib.py b/Lib/poplib.py
index b91e5f72d2ca..a238510b38fc 100644
--- a/Lib/poplib.py
+++ b/Lib/poplib.py
@@ -274,7 +274,7 @@ def rpop(self, user):
return self._shortcmd('RPOP %s' % user)
- timestamp = re.compile(r'\+OK.*(<[^>]+>)')
+ timestamp = re.compile(br'\+OK.[^<]*(<.*>)')
def apop(self, user, secret):
"""Authorisation
Reference in a new issue View git blame Copy permalink