[Buildroot] [PATCH] package/python: add upstream security fix for CVE-2019-9740

Peter Korsgaard peter at korsgaard.com
Wed Aug 28 13:04:38 UTC 2019


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib
 > in Python 3.x through 3.7.3.  CRLF injection is possible if the attacker
 > controls a url parameter, as demonstrated by the first argument to
 > urllib.request.urlopen with \r\n (specifically in the query string after a ?
 > character) followed by an HTTP header or a Redis command.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list