v0.5.1
Revision 55d5bfba9482d39080f7b9ec3e6257ecd23f264f authored by Jamie Davis on 06 March 2018, 05:59:02 UTC, committed by Benjamin Peterson on 06 March 2018, 05:59:02 UTC
The regex to decode a number in fpformat is susceptible to catastrophic backtracking. This is a potential DOS vector if a server is using fpformat on untrusted number strings. Replace it with an equivalent non-vulnerable regex. The match behavior of the new regex is slightly different. It captures the whole integer part of the number in one group. Leading zeros are stripped off later.
1 parent e052d40
File | Mode | Size |
---|---|---|
cgi | ||
classes | ||
comparisons | ||
curses | ||
embed | ||
md5test | ||
metaclasses | ||
newmetaclasses | ||
parser | ||
pdist | ||
pysvr | ||
rpc | ||
scripts | ||
sockets | ||
threads | ||
tix | ||
tkinter | ||
turtle | ||
xml | ||
zlib | ||
README | -rw-r--r-- | 1.9 KB |