git.99rst.org / openwrt-packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 15a0606)
python,python3: Fix CVE-2019-9948 - local_file:// allowed in urllib
authorJeffery To <redacted>
Mon, 3 Jun 2019 18:41:35 +0000 (02:41 +0800)
committerJeffery To <redacted>
Tue, 4 Jun 2019 14:20:21 +0000 (22:20 +0800)
commit53838903fe656801e89641a1c6bcc7f64e4eb9c1
treedcdbe6686f3be75d1e0b3ee56428588460f9b96dtree | snapshot
parent15a06064034478ab65f0c19dad3e043578226a45commit | diff
python,python3: Fix CVE-2019-9948 - local_file:// allowed in urllib

These patches address issue:
CVE-2019-9948: Unnecessary URL scheme exists to allow local_file://
reading file in urllib

Link to Python issue:
https://bugs.python.org/issue35907

Issue 35907 is still currently open, waiting for a decision for
Python 3.5; these patches for Python 2.7 and 3.7 have been merged.

Signed-off-by: Jeffery To <redacted>
lang/python/python/Makefile diff | blob | history
lang/python/python/patches/023-bpo-35907-Avoid-file-reading-as-disallowing-the-unnecessary-URL-scheme-in-urllib-GH-11842.patch [new file with mode: 0644] blob
lang/python/python3/Makefile diff | blob | history
lang/python/python3/patches/023-bpo-35907-CVE-2019-9948-urllib-rejects-local_file-scheme-GH-13505.patch [new file with mode: 0644] blob
git clone https://git.99rst.org/PROJECT