Revision - 4f06dae - bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme [...]

Staging
v0.5.1

Revision 4f06dae5d8d4400ba38d8502da620f07d4a5696e authored by Victor Stinner on 29 May 2019, 02:30:48 UTC, committed by Ned Deily on 29 May 2019, 02:30:47 UTC

bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13513)

CVE-2019-9948: Avoid file reading by disallowing local-file:// and
local_file:// URL schemes in URLopener().open() and
URLopener().retrieve() of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
(cherry picked from commit 0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587)
(cherry picked from commit 34bab215596671d0dec2066ae7d7450cd73f638b)

1 parent 8ab624b

Files
Changes

Permalinks

.bzrignore

.purify
autom4te.cache
config.log
config.cache
config.status
config.status.lineno
db_home
Makefile
buildno
python
build
Makefile.pre
platform
pybuilddir.txt
pyconfig.h
libpython*.a
libpython*.so*
python.exe
python-gdb.py
reflog.txt
tags
TAGS
.gdb_history
Doc/tools/sphinx
Doc/tools/jinja
Doc/tools/jinja2
Doc/tools/pygments
Doc/tools/docutils
Misc/python.pc
Modules/Setup
Modules/Setup.config
Modules/Setup.local
Modules/config.c
Modules/ld_so_aix
Parser/pgen
Lib/test/data/*
Lib/lib2to3/Grammar*.pickle
Lib/lib2to3/PatternGrammar*.pickle
__pycache__
.coverage
coverage/*
htmlcov/*

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...