python/dist/src/Misc NEWS, 1.337.2.4.2.94, 1.337.2.4.2.95
Update of /cvsroot/python/python/dist/src/Misc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14681/Misc Modified Files: Tag: release22-maint NEWS Log Message: Security fix PSF-2005-001 for SimpleXMLRPCServer.py. Index: NEWS =================================================================== RCS file: /cvsroot/python/python/dist/src/Misc/NEWS,v retrieving revision 1.337.2.4.2.94 retrieving revision 1.337.2.4.2.95 diff -u -d -r1.337.2.4.2.94 -r1.337.2.4.2.95 --- NEWS 17 Sep 2003 03:32:41 -0000 1.337.2.4.2.94 +++ NEWS 3 Feb 2005 14:58:41 -0000 1.337.2.4.2.95 @@ -2,6 +2,10 @@ Release date: XX-XXX-XXXX =========================== +- Applied a security fix to SimpleXMLRPCserver (PSF-2005-001). This + disables recursive traversal through instance attributes, which can + be exploited in various ways. + - Fixed a bug in the cache of length-one Unicode strings that could lead to a seg fault. The specific problem occurred when an earlier, non-fatal error left an uninitialized Unicode object in the
participants (1)
-
gvanrossumļ¼ users.sourceforge.net