Author serhiy.storchaka
Recipients eric.smith, serhiy.storchaka, vstinner, xtreak
Date 2018-12-22.16:14:26
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1545495266.24.0.0770528567349.issue35560@roundup.psfhosted.org>
In-reply-to
Content
This bug is not new, and this is the first report for it. It can be treated as a security issue if an application allows user to specify format string. But using a format string from untrusted source causes a security issue itself, because this allows to spend memory and CPU time for creating an arbitrary large string object. Also, unlikely debug builds be used in production.

I would backport the solution of this issue to 3.6, but it is not bad if it will be not backported. I think this is not a release blocker.
History
Date User Action Args
2018-12-22 16:14:28serhiy.storchakasetrecipients: + serhiy.storchaka, vstinner, eric.smith, xtreak
2018-12-22 16:14:26serhiy.storchakasetmessageid: <1545495266.24.0.0770528567349.issue35560@roundup.psfhosted.org>
2018-12-22 16:14:26serhiy.storchakalinkissue35560 messages
2018-12-22 16:14:26serhiy.storchakacreate