Staging
v0.5.1
v0.5.1
https://github.com/python/cpython
Revision b57a73694e26e8b2391731b5ee0b1be59437388e authored by Miss Islington (bot) on 02 April 2020, 10:16:17 UTC, committed by GitHub on 02 April 2020, 10:16:17 UTC
The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge. Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Victor Stinner <vstinner@python.org> (cherry picked from commit 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4)
1 parent 8e069fc
Tip revision: b57a73694e26e8b2391731b5ee0b1be59437388e authored by Miss Islington (bot) on 02 April 2020, 10:16:17 UTC
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19297)
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (GH-19297)
Tip revision: b57a736
File | Mode | Size |
---|---|---|
.azure-pipelines | ||
.github | ||
Doc | ||
Grammar | ||
Include | ||
Lib | ||
Mac | ||
Misc | ||
Modules | ||
Objects | ||
PC | ||
PCbuild | ||
Parser | ||
Programs | ||
Python | ||
Tools | ||
m4 | ||
.gitattributes | -rw-r--r-- | 1.6 KB |
.gitignore | -rw-r--r-- | 1.5 KB |
.travis.yml | -rw-r--r-- | 6.1 KB |
CODE_OF_CONDUCT.rst | -rw-r--r-- | 631 bytes |
LICENSE | -rw-r--r-- | 12.5 KB |
Makefile.pre.in | -rw-r--r-- | 62.9 KB |
README.rst | -rw-r--r-- | 9.6 KB |
aclocal.m4 | -rw-r--r-- | 10.7 KB |
config.guess | -rwxr-xr-x | 43.1 KB |
config.sub | -rwxr-xr-x | 35.4 KB |
configure | -rwxr-xr-x | 492.1 KB |
configure.ac | -rw-r--r-- | 164.8 KB |
install-sh | -rwxr-xr-x | 7.0 KB |
pyconfig.h.in | -rw-r--r-- | 42.3 KB |
setup.py | -rw-r--r-- | 101.3 KB |
Computing file changes ...