cpython

mirror of https://github.com/python/cpython.git synced 2025-07-29 22:24:49 +00:00

History

Gregory P. Smith f8b71da9aa [3.11] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96500 ) Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds. This PR comes fresh from a pile of work done in our private PSRT security response team repo. This backports https://github.com/python/cpython/pull/96499 aka `511ca94520` Signed-off-by: Christian Heimes [Red Hat] <christian@python.org> Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org> Reviews via the private PSRT repo via many others (see the NEWS entry in the PR). <!-- gh-issue-number: gh-95778 --> * Issue: gh-95778 <!-- /gh-issue-number --> I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).		2022-09-02 09:48:57 -07:00
..
cmdline.rst	[3.11] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96500 )	2022-09-02 09:48:57 -07:00
configure.rst	gh-90539: doc: Expand on what should not go into CFLAGS, LDFLAGS (GH-92754)	2022-06-20 07:14:47 -07:00
editors.rst	bpo-37610: improve Using Python doc wrt Editors & IDE (GH-14850)	2019-07-18 18:23:17 -07:00
index.rst	bpo-43774: Document configure options (GH-25283)	2021-04-08 22:32:21 +02:00
mac.rst	gh-95155: Update "Using Python on a Mac" documentation (GH-95284) (GH-95742)	2022-08-06 19:15:48 +02:00
unix.rst	gh-93851: Fix all broken links in Doc/ (GH-93853) (GH-94076)	2022-06-21 21:06:05 +02:00
venv-create.inc	gh-93851: Fix all broken links in Doc/ (GH-93853) (GH-94076)	2022-06-21 21:06:05 +02:00
win_installer.png	Optimize images by IMGbot (GH-21348)	2022-02-04 15:49:43 +09:00
windows.rst	gh-94399: Restore PATH search behaviour of py.exe launcher for '/usr/bin/env' shebang lines (GH-95582)	2022-08-03 15:00:46 -07:00