git.ipfire.org Git - thirdparty/Python/cpython.git/commit

]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit

projects / thirdparty / Python / cpython.git / commit

author	Victor Stinner <vstinner@redhat.com>
	Sun, 14 Jul 2019 07:04:15 +0000 (09:04 +0200)
committer	larryhastings <larry@hastings.org>
	Sun, 14 Jul 2019 07:04:15 +0000 (09:04 +0200)
commit	4fe82a8eef7aed60de05bfca0f2c322730ea921e
tree	be5fbed2a0a831f24c770f6ef95e7584e0d8230e	tree \| snapshot
parent	43a0ae920bb8962d20148cfbdf37a60c1ad45f5b	commit \| diff

bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) (GH-13505) (#13510)

CVE-2019-9948: Avoid file reading by disallowing local-file:// and
local_file:// URL schemes in URLopener().open() and
URLopener().retrieve() of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>

Lib/test/test_urllib.py		diff \| blob \| blame \| history
Lib/urllib/request.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst	[new file with mode: 0644]	blob

Mirror of https://github.com/python/cpython.git

RSS Atom