[Python-checkins] python/dist/src/Misc NEWS, 1.337.2.4.2.94,
1.337.2.4.2.95
gvanrossum at users.sourceforge.net
gvanrossum at users.sourceforge.net
Thu Feb 3 15:58:47 CET 2005
Update of /cvsroot/python/python/dist/src/Misc
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14681/Misc
Modified Files:
Tag: release22-maint
NEWS
Log Message:
Security fix PSF-2005-001 for SimpleXMLRPCServer.py.
Index: NEWS
===================================================================
RCS file: /cvsroot/python/python/dist/src/Misc/NEWS,v
retrieving revision 1.337.2.4.2.94
retrieving revision 1.337.2.4.2.95
diff -u -d -r1.337.2.4.2.94 -r1.337.2.4.2.95
--- NEWS 17 Sep 2003 03:32:41 -0000 1.337.2.4.2.94
+++ NEWS 3 Feb 2005 14:58:41 -0000 1.337.2.4.2.95
@@ -2,6 +2,10 @@
Release date: XX-XXX-XXXX
===========================
+- Applied a security fix to SimpleXMLRPCserver (PSF-2005-001). This
+ disables recursive traversal through instance attributes, which can
+ be exploited in various ways.
+
- Fixed a bug in the cache of length-one Unicode strings that could
lead to a seg fault. The specific problem occurred when an earlier,
non-fatal error left an uninitialized Unicode object in the
More information about the Python-checkins
mailing list