[Buildroot] [PATCH] package/python: add upstream security fix for CVE-2019-9740
Peter Korsgaard
peter at korsgaard.com
Wed Aug 28 13:04:38 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib
> in Python 3.x through 3.7.3. CRLF injection is possible if the attacker
> controls a url parameter, as demonstrated by the first argument to
> urllib.request.urlopen with \r\n (specifically in the query string after a ?
> character) followed by an HTTP header or a Redis command.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list