This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author nikratio
Recipients Arfrever, christian.heimes, eric.araujo, nadeem.vawda, nikratio, pitrou, serhiy.storchaka
Date 2013-04-21.23:04:35
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The lack of output size limiting has security implications as well.

Without being able to limit the size of the uncompressed data returned per call, it is not possible to decompress untrusted lzma or bz2 data without becoming susceptible to a DoS attack, as the attacker can force allocation of gigantic buffers by sending just a tiny amount of compressed data.
Date User Action Args
2013-04-21 23:04:35nikratiosetrecipients: + nikratio, pitrou, christian.heimes, nadeem.vawda, eric.araujo, Arfrever, serhiy.storchaka
2013-04-21 23:04:35nikratiosetmessageid: <>
2013-04-21 23:04:35nikratiolinkissue15955 messages
2013-04-21 23:04:35nikratiocreate