Staging
v0.5.1
v0.5.1
Revision 55d5bfba9482d39080f7b9ec3e6257ecd23f264f authored by Jamie Davis on 06 March 2018, 05:59:02 UTC, committed by Benjamin Peterson on 06 March 2018, 05:59:02 UTC
The regex to decode a number in fpformat is susceptible to catastrophic backtracking. This is a potential DOS vector if a server is using fpformat on untrusted number strings. Replace it with an equivalent non-vulnerable regex. The match behavior of the new regex is slightly different. It captures the whole integer part of the number in one group, Leading zeros are stripped off later.
1 parent e052d40
| File | Mode | Size |
|---|---|---|
| cgi | ||
| classes | ||
| comparisons | ||
| curses | ||
| embed | ||
| md5test | ||
| metaclasses | ||
| newmetaclasses | ||
| parser | ||
| pdist | ||
| pysvr | ||
| rpc | ||
| scripts | ||
| sockets | ||
| threads | ||
| tix | ||
| tkinter | ||
| turtle | ||
| xml | ||
| zlib | ||
| README | -rw-r--r-- | 1.9 KB |
Computing file changes ...
