[Python-checkins] python/dist/src/Misc NEWS,1.1236,1.1237
gvanrossum at users.sourceforge.net
gvanrossum at users.sourceforge.net
Thu Feb 3 16:01:28 CET 2005
Update of /cvsroot/python/python/dist/src/Misc
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15460/Misc
Modified Files:
NEWS
Log Message:
Security fix PSF-2005-001 for SimpleXMLRPCServer.py.
Index: NEWS
===================================================================
RCS file: /cvsroot/python/python/dist/src/Misc/NEWS,v
retrieving revision 1.1236
retrieving revision 1.1237
diff -u -d -r1.1236 -r1.1237
--- NEWS 31 Jan 2005 17:09:20 -0000 1.1236
+++ NEWS 3 Feb 2005 15:01:24 -0000 1.1237
@@ -47,6 +47,10 @@
Library
-------
+- Applied a security fix to SimpleXMLRPCserver (PSF-2005-001). This
+ disables recursive traversal through instance attributes, which can
+ be exploited in various ways.
+
- Bug #1110478: Revert os.environ.update to do putenv again.
- Bug #1103844: fix distutils.install.dump_dirs() with negated options.
More information about the Python-checkins
mailing list