Serhiy Storchaka <storchaka+cpyt...@gmail.com> added the comment:
This bug is not new, and this is the first report for it. It can be treated as a security issue if an application allows user to specify format string. But using a format string from untrusted source causes a security issue itself, because this allows to spend memory and CPU time for creating an arbitrary large string object. Also, unlikely debug builds be used in production. I would backport the solution of this issue to 3.6, but it is not bad if it will be not backported. I think this is not a release blocker. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue35560> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
