CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]    2022/09/08 13:36:23

Modified files:
        lang/python/3.10: Makefile distinfo 
        lang/python/3.10/pkg: PLIST-main 

Log message:
https://www.python.org/downloads/release/python-3107/

* gh-95778: Converting between int and str in bases other than 2
(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10
(decimal) now raises a ValueError if the number of digits in string form
is above a limit to avoid potential denial of service attacks due to the
algorithmic complexity. This is a mitigation for CVE-2020-10735.

This new limit can be configured or disabled by environment variable,
command line flag, or sys APIs. See the integer string conversion length
limitation documentation. The default limit is 4300 digits in string
form.

Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with
feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily,
and Mark Dickinson.

ok sthen
