21 lines
593 B
Diff
21 lines
593 B
Diff
|
Fix CVE-2018-1060:
|
||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060
|
||
|
|
||
|
Taken from upstream commit (sans test and NEWS):
|
||
|
https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2
|
||
|
|
||
|
diff --git a/Lib/poplib.py b/Lib/poplib.py
|
||
|
index b91e5f72d2ca..a238510b38fc 100644
|
||
|
--- a/Lib/poplib.py
|
||
|
+++ b/Lib/poplib.py
|
||
|
@@ -274,7 +274,7 @@ def rpop(self, user):
|
||
|
return self._shortcmd('RPOP %s' % user)
|
||
|
|
||
|
|
||
|
- timestamp = re.compile(r'\+OK.*(<[^>]+>)')
|
||
|
+ timestamp = re.compile(br'\+OK.[^<]*(<.*>)')
|
||
|
|
||
|
def apop(self, user, secret):
|
||
|
"""Authorisation
|
||
|
|