Fix CVE-2018-1060: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060 Taken from upstream commit (sans test and NEWS): https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 diff --git a/Lib/poplib.py b/Lib/poplib.py index b91e5f72d2ca..a238510b38fc 100644 --- a/Lib/poplib.py +++ b/Lib/poplib.py @@ -274,7 +274,7 @@ def rpop(self, user): return self._shortcmd('RPOP %s' % user) - timestamp = re.compile(r'\+OK.*(<[^>]+>)') + timestamp = re.compile(br'\+OK.[^<]*(<.*>)') def apop(self, user, secret): """Authorisation