From: Benjamin Peterson <benjamin@python.org>
Date: Sat, 6 Dec 2014 01:30:54 +0000 (-0500)
Subject: merge 3.2 (#16043)
X-Git-Tag: v3.4.3rc1~257^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=81b7374fbe5f77567642d5aa42d4c1e6eee610b2;p=thirdparty%2FPython%2Fcpython.git

merge 3.2 (#16043)
---

81b7374fbe5f77567642d5aa42d4c1e6eee610b2
diff --cc Misc/NEWS
index 7676c9051dd3,3cff3cdf876b..c66da32f9e73
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@@ -26,8 -16,18 +26,11 @@@ Core and Builtin
  Library
  -------
  
+ - Issue #16043: Add a default limit for the amount of data xmlrpclib.gzip_decode
+   will return. This resolves CVE-2013-1753.
+ 
 -- Issue #16040: CVE-2013-1752: nntplib: Limit maximum line lengths to 2048 to
 -  prevent readline() calls from consuming too much memory.  Patch by Jyrki
 -  Pulliainen.
 -
 -- Issue #16039: CVE-2013-1752: Change use of readline in imaplib module to limit
 -  line length.  Patch by Emil Lind.
 -
 -- Issue #22421: Fix a regression that caused the pydoc server to be bound to
 -  all interfaces instead of only localhost.
 +- Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
 +  weakrefs.
  
  - Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
    65536 bytes and send a 414 error code for higher lengths. Patch contributed