Staging
v0.5.0
v0.5.0
https://github.com/python/cpython
Revision 69cdeeb93e0830004a495ed854022425b93b3f3e authored by Victor Stinner on 03 April 2020, 01:15:56 UTC, committed by GitHub on 03 April 2020, 01:15:56 UTC
The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge. Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com> (cherry picked from commit 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4)
1 parent ebeabb5
Tip revision: 69cdeeb93e0830004a495ed854022425b93b3f3e authored by Victor Stinner on 03 April 2020, 01:15:56 UTC
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304)
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304)
Tip revision: 69cdeeb
| File | Mode | Size |
|---|---|---|
| .azure-pipelines | ||
| .github | ||
| Doc | ||
| Grammar | ||
| Include | ||
| Lib | ||
| Mac | ||
| Misc | ||
| Modules | ||
| Objects | ||
| PC | ||
| PCbuild | ||
| Parser | ||
| Programs | ||
| Python | ||
| Tools | ||
| .bzrignore | -rw-r--r-- | 582 bytes |
| .gitattributes | -rw-r--r-- | 1.6 KB |
| .gitignore | -rw-r--r-- | 1.4 KB |
| .hgignore | -rw-r--r-- | 1.3 KB |
| .travis.yml | -rw-r--r-- | 5.1 KB |
| LICENSE | -rw-r--r-- | 12.5 KB |
| Makefile.pre.in | -rw-r--r-- | 60.0 KB |
| README.rst | -rw-r--r-- | 9.6 KB |
| aclocal.m4 | -rw-r--r-- | 10.7 KB |
| config.guess | -rwxr-xr-x | 43.2 KB |
| config.sub | -rwxr-xr-x | 35.7 KB |
| configure | -rwxr-xr-x | 482.1 KB |
| configure.ac | -rw-r--r-- | 162.5 KB |
| install-sh | -rwxr-xr-x | 7.0 KB |
| pyconfig.h.in | -rw-r--r-- | 41.1 KB |
| setup.py | -rw-r--r-- | 102.4 KB |
Computing file changes ...
