git.ipfire.org Git - thirdparty/Python/cpython.git/commit

]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit

projects / thirdparty / Python / cpython.git / commit

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Tue, 9 May 2023 16:46:47 +0000 (09:46 -0700)
committer	GitHub <noreply@github.com>
	Tue, 9 May 2023 16:46:47 +0000 (09:46 -0700)
commit	cfa4295cd14ce00fe5263c7083aa5a73b515828d
tree	3e523422b308b3d5861fda929ac4900ccdc594aa	tree \| snapshot
parent	d77e77c363a170f4435cbe826628b6a347654d9e	commit \| diff

[3.10] gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096) (#104330)

gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096)

* Fix directory traversal security flaw in uu.decode()
* also check absolute paths and os.altsep
* Add a regression test.

---------

(cherry picked from commit 0aeda297931820436a50b78f4f7f0597274b5df4)

[Google]

Co-authored-by: Sam Carroll <70000253+samcarroll42@users.noreply.github.com>

Lib/test/test_uu.py		diff \| blob \| blame \| history
Lib/uu.py	[changed mode: 0755->0644]	diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2023-05-02-17-56-32.gh-issue-99889.l664SU.rst	[new file with mode: 0644]	blob

Mirror of https://github.com/python/cpython.git

RSS Atom