Staging
v0.5.1
v0.5.1
Revision ea9e240aa02372440be8024acb110371f69c9d41 authored by Miss Islington (bot) on 02 April 2020, 10:15:55 UTC, committed by GitHub on 02 April 2020, 10:15:55 UTC
The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager. AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge. Co-Authored-By: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Victor Stinner <vstinner@python.org> (cherry picked from commit 0b297d4ff1c0e4480ad33acae793fbaf4bf015b4)
1 parent 40fff1f
![swh spinner](/static/img/swh-spinner.gif)
Computing file changes ...