summary refs log tree commit diff
path: root/gnu/packages/patches/python2-CVE-2018-1060.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/python2-CVE-2018-1060.patch')
-rw-r--r--gnu/packages/patches/python2-CVE-2018-1060.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/gnu/packages/patches/python2-CVE-2018-1060.patch b/gnu/packages/patches/python2-CVE-2018-1060.patch
new file mode 100644
index 0000000000..5eb7ccfbc9
--- /dev/null
+++ b/gnu/packages/patches/python2-CVE-2018-1060.patch
@@ -0,0 +1,20 @@
+Fix CVE-2018-1060:
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060
+
+Taken from upstream commit (sans test and NEWS):
+https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2
+
+diff --git a/Lib/poplib.py b/Lib/poplib.py
+index b91e5f72d2ca..a238510b38fc 100644
+--- a/Lib/poplib.py
++++ b/Lib/poplib.py
+@@ -274,7 +274,7 @@ def rpop(self, user):
+         return self._shortcmd('RPOP %s' % user)
+ 
+ 
+-    timestamp = re.compile(r'\+OK.*(<[^>]+>)')
++    timestamp = re.compile(br'\+OK.[^<]*(<.*>)')
+ 
+     def apop(self, user, secret):
+         """Authorisation
+