all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
blob 5eb7ccfbc92909de1b1c31146c8ba68329157ae9 593 bytes (raw)
name: gnu/packages/patches/python2-CVE-2018-1060.patch 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

 
Fix CVE-2018-1060:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060

Taken from upstream commit (sans test and NEWS):
https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2

diff --git a/Lib/poplib.py b/Lib/poplib.py
index b91e5f72d2ca..a238510b38fc 100644
--- a/Lib/poplib.py
+++ b/Lib/poplib.py
@@ -274,7 +274,7 @@ def rpop(self, user):
         return self._shortcmd('RPOP %s' % user)
 
 
-    timestamp = re.compile(r'\+OK.*(<[^>]+>)')
+    timestamp = re.compile(br'\+OK.[^<]*(<.*>)')
 
     def apop(self, user, secret):
         """Authorisation


debug log:

solving 5eb7ccfbc ...
found 5eb7ccfbc in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.