Djam/python38
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/python38.git synced 2025-02-23 15:22:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
67 commits 3 branches 9 tags 192 KiB
Commit graph

1 commit

Author SHA1 Message Date
Mikhail Novosyolov
8058c8b2db Fix CVE-2019-16056, CVE-2019-16935 and race in test_docxmlrpc 
https://usn.ubuntu.com/4151-1/
* SECURITY UPDATE: incorrect email address parsing
- CVE-2019-16056.patch: don't parse domains containing @ in
  Lib/email/_header_value_parser.py, Lib/email/_parseaddr.py,
  Lib/test/test_email/test__header_value_parser.py,
  Lib/test/test_email/test_email.py.
* SECURITY UPDATE: XSS in documentation XML-RPC server
- CVE-2019-16935.patch: escape the server_title in Lib/xmlrpc/server.py, Lib/test/test_docxmlrpc.py.
* avoid_test_docxmlrpc_race.patch: avoid race in
  test_docxmlrpc server setup in Lib/test/test_docxmlrpc.py.
 2019-10-10 01:30:49 +03:00