https://github.com/python/cpython
Revision 69cdeeb93e0830004a495ed854022425b93b3f3e authored by Victor Stinner on 03 April 2020, 01:15:56 UTC, committed by GitHub on 03 April 2020, 01:15:56 UTC
The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.

AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge.

Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com>
(cherry picked from commit 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4)
1 parent ebeabb5
Tip revision: 69cdeeb93e0830004a495ed854022425b93b3f3e authored by Victor Stinner on 03 April 2020, 01:15:56 UTC
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19304)
File | Mode | Size |
---|---|---|
NEWS.d | | |
ACKS | -rw-r--r-- | 25.4 KB |
HISTORY | -rw-r--r-- | 1.3 MB |
Porting | -rw-r--r-- | 63 bytes |
README | -rw-r--r-- | 1.4 KB |
README.AIX | -rw-r--r-- | 5.0 KB |
README.coverity | -rw-r--r-- | 845 bytes |
README.valgrind | -rw-r--r-- | 4.5 KB |
SpecialBuilds.txt | -rw-r--r-- | 10.0 KB |
coverity_model.c | -rw-r--r-- | 4.1 KB |
gdbinit | -rw-r--r-- | 4.7 KB |
indent.pro | -rw-r--r-- | 557 bytes |
python-config.in | -rw-r--r-- | 2.0 KB |
python-config.sh.in | -rw-r--r-- | 2.9 KB |
python-wing3.wpr | -rw-r--r-- | 555 bytes |
python-wing4.wpr | -rw-r--r-- | 835 bytes |
python-wing5.wpr | -rw-r--r-- | 835 bytes |
python.man | -rw-r--r-- | 13.3 KB |
python.pc.in | -rw-r--r-- | 293 bytes |
svnmap.txt | -rw-r--r-- | 4.1 MB |
valgrind-python.supp | -rw-r--r-- | 8.2 KB |
vgrindefs | -rw-r--r-- | 500 bytes |