bpo-38945: UU Encoding: Don't let newline in filename corrupt the output format (GH-17418) (GH-17444)

(cherry picked from commit a62ad4730c9b575f140f24074656c0257c86a09a) Co-authored-by: Matthew Rollings <1211162+stealthcopter@users.noreply.github.com>
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2019-12-02 15:34:31 -0800
committer: Ned Deily <nad@python.org> 2019-12-02 18:34:31 -0500
commit: 30afc91f5e70cf4748ffac77a419ba69ebca6f6a (patch)
tree: 6087265e569a60cda437f8e43e9c9f2019d27fd9 /Misc/NEWS.d/next/Security
parent: bpo-38804: Fix REDoS in http.cookiejar (GH-17157) (#17343) (diff)
download: cpython-30afc91f5e70cf4748ffac77a419ba69ebca6f6a.tar.gz
cpython-30afc91f5e70cf4748ffac77a419ba69ebca6f6a.tar.bz2
cpython-30afc91f5e70cf4748ffac77a419ba69ebca6f6a.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst b/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst
new file mode 100644
index 00000000000..1bf6ed567b2
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-12-01-22-44-40.bpo-38945.ztmNXc.rst
@@ -0,0 +1 @@
+Newline characters have been escaped when performing uu encoding to prevent them from overflowing into to content section of the encoded file. This prevents malicious or accidental modification of data during the decoding process.
+\ No newline at end of file
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2019-12-02 15:34:31 -0800
committer	Ned Deily <nad@python.org>	2019-12-02 18:34:31 -0500
commit	30afc91f5e70cf4748ffac77a419ba69ebca6f6a (patch)
tree	6087265e569a60cda437f8e43e9c9f2019d27fd9 /Misc/NEWS.d/next/Security
parent	bpo-38804: Fix REDoS in http.cookiejar (GH-17157) (#17343) (diff)
download	cpython-30afc91f5e70cf4748ffac77a419ba69ebca6f6a.tar.gz cpython-30afc91f5e70cf4748ffac77a419ba69ebca6f6a.tar.bz2 cpython-30afc91f5e70cf4748ffac77a419ba69ebca6f6a.zip