modernize the test, expand the NEWS entry.

Author: gpshead

Lib/test/test_imaplib.py

@@ -913,11 +913,11 @@ def handle(self):
                 self._send_textline('* OK {%d}' % size)
                 self._send_textline('IMAP4rev1')
 
-        for w in range(15, 64):
-            size = 1 << w
+        for exponent in range(15, 64):
+            size = 1 << exponent
             with self.reaped_server(BadHandler) as server:
-                self.assertRaises(imaplib.IMAP4.abort,
-                                  self.imap_class, *server.server_address)
+                with self.assertRaises(imaplib.IMAP4.abort):
+                    self.imap_class(*server.server_address)
 
     @threading_helper.reap_threads
     def test_simple_with_statement(self):

Misc/NEWS.d/next/Security/2024-05-24-21-00-52.gh-issue-119511.jKrXQ8.rst

@@ -1,2 +1,7 @@
-Fix a vulnerability in the :mod:`imaplib` module, when connecting to a
-malicious server could cause an arbitrary amount of memory to be consumed.
+Fix a potential denial of service vulnerability in the :mod:`imaplib` module.
+When connecting to a malicious server, it could cause an arbitrary amount of
+memory to be allocated. On many systems this is harmless as unused virtual
+memory is only a mapping, but if this hit a virtual address size limit it could
+lead to a :exc:`MemoryError` or other process crash. On unusual systems or
+builds where all allocated memory is touched and backed by actual ram or
+storage it could've consumed resources doing so until similarly crashing.