Staging
v0.5.1
v0.5.1
https://github.com/python/cpython
Revision 69cdeeb93e0830004a495ed854022425b93b3f3e authored by Victor Stinner on 03 April 2020, 01:15:56 UTC, committed by GitHub on 03 April 2020, 01:15:56 UTC
The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge. Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com> (cherry picked from commit 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4)
1 parent ebeabb5
Tip revision: 69cdeeb93e0830004a495ed854022425b93b3f3e authored by Victor Stinner on 03 April 2020, 01:15:56 UTC
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304)
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304)
Tip revision: 69cdeeb
| File | Mode | Size |
|---|---|---|
| c-api | ||
| data | ||
| distributing | ||
| distutils | ||
| extending | ||
| faq | ||
| howto | ||
| includes | ||
| install | ||
| installing | ||
| library | ||
| reference | ||
| tools | ||
| tutorial | ||
| using | ||
| whatsnew | ||
| Makefile | -rw-r--r-- | 7.3 KB |
| README.rst | -rw-r--r-- | 4.5 KB |
| about.rst | -rw-r--r-- | 1.5 KB |
| bugs.rst | -rw-r--r-- | 4.2 KB |
| conf.py | -rw-r--r-- | 6.2 KB |
| contents.rst | -rw-r--r-- | 538 bytes |
| copyright.rst | -rw-r--r-- | 451 bytes |
| docutils.conf | -rw-r--r-- | 56 bytes |
| glossary.rst | -rw-r--r-- | 51.2 KB |
| license.rst | -rw-r--r-- | 46.2 KB |
| make.bat | -rw-r--r-- | 5.4 KB |
Computing file changes ...
