Staging
v0.5.0
v0.5.0
https://github.com/python/cpython
Revision 69cdeeb93e0830004a495ed854022425b93b3f3e authored by Victor Stinner on 03 April 2020, 01:15:56 UTC, committed by GitHub on 03 April 2020, 01:15:56 UTC
The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge. Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com> (cherry picked from commit 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4)
1 parent ebeabb5
Tip revision: 69cdeeb93e0830004a495ed854022425b93b3f3e authored by Victor Stinner on 03 April 2020, 01:15:56 UTC
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304)
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304)
Tip revision: 69cdeeb
File | Mode | Size |
---|---|---|
.azure-pipelines | ||
.github | ||
Doc | ||
Grammar | ||
Include | ||
Lib | ||
Mac | ||
Misc | ||
Modules | ||
Objects | ||
PC | ||
PCbuild | ||
Parser | ||
Programs | ||
Python | ||
Tools | ||
.bzrignore | -rw-r--r-- | 582 bytes |
.gitattributes | -rw-r--r-- | 1.6 KB |
.gitignore | -rw-r--r-- | 1.4 KB |
.hgignore | -rw-r--r-- | 1.3 KB |
.travis.yml | -rw-r--r-- | 5.1 KB |
LICENSE | -rw-r--r-- | 12.5 KB |
Makefile.pre.in | -rw-r--r-- | 60.0 KB |
README.rst | -rw-r--r-- | 9.6 KB |
aclocal.m4 | -rw-r--r-- | 10.7 KB |
config.guess | -rwxr-xr-x | 43.2 KB |
config.sub | -rwxr-xr-x | 35.7 KB |
configure | -rwxr-xr-x | 482.1 KB |
configure.ac | -rw-r--r-- | 162.5 KB |
install-sh | -rwxr-xr-x | 7.0 KB |
pyconfig.h.in | -rw-r--r-- | 41.1 KB |
setup.py | -rw-r--r-- | 102.4 KB |
Computing file changes ...