mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-06 00:38:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,528 Commits 38 Branches 617 Tags
24132c45bcefee4fa1d9de11da1c636ee7584832
Commit Graph

1 Commits

Author SHA1 Message Date
Sinan Kaya
97ee1f8087 python3: CVE-2018-1061 
* CVE-2018-1060
Prevent low-grade poplib REDOS:
The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.

Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.

* CVE-2018-1061
Prevent difflib REDOS
The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.
Replace it with an equivalent non-vulnerable regex.

Affects < 3.5.6rc1

CVE: CVE-2018-1060
CVE: CVE-2018-1061
Ref: https://access.redhat.com/security/cve/cve-2018-1060
Ref: https://access.redhat.com/security/cve/cve-2018-1061

(From OE-Core rev: 1461bcc72e6649920ecf4226e006e5667c48a21c)

Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-10-18 11:08:53 +01:00