ticket,summary,type,release,owner,status,created,modified,_description,_reporter
11080,Evaluate effect of CVE-2012-0845 on this plugin,task,0.11,mitsuhiko,new,2013-05-14T22:26:24+02:00,2020-05-01T06:51:13+02:00,"(Overview of CVE-2012-0845):
 SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.

The full import and direct use of `SimpleXMLRPCServer` in `ircannouncerplugin/Trac/plugin.py` might not be relevant, because it looks like an abandoned development tree.

Only `CGIXMLRPCRequestHandler` is imported from `SimpleXMLRPCServer` and used in `0.11/tracext/ircannouncer/utils`, so I'm really unsure if this plugin could be affected somehow.

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0845
",Steffen Hoffmann
