git.ipfire.org Git - thirdparty/Python/cpython.git/commit

]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit

projects / thirdparty / Python / cpython.git / commit

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Tue, 9 May 2023 16:46:25 +0000 (09:46 -0700)
committer	GitHub <noreply@github.com>
	Tue, 9 May 2023 16:46:25 +0000 (09:46 -0700)
commit	4ed59b1f330ca97b9f0b5567485283df24175fe4
tree	c80a067f236b81be6cc8fa7433b1f26292732276	tree \| snapshot
parent	97e1e43af1378e24f902719da43d43964dad0960	commit \| diff

[3.11] gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096) (#104329)

gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096)

* Fix directory traversal security flaw in uu.decode()
* also check absolute paths and os.altsep
* Add a regression test.

---------

(cherry picked from commit 0aeda297931820436a50b78f4f7f0597274b5df4)

[Google]

Co-authored-by: Sam Carroll <70000253+samcarroll42@users.noreply.github.com>

Lib/test/test_uu.py		diff \| blob \| blame \| history
Lib/uu.py	[changed mode: 0755->0644]	diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2023-05-02-17-56-32.gh-issue-99889.l664SU.rst	[new file with mode: 0644]	blob

Mirror of https://github.com/python/cpython.git

RSS Atom