projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 47d6d8e) | patch
python,python3: Fix CVE-2019-16056, CVE-2019-16935 10151/head
authorJeffery To <jeffery.to@gmail.com>
Fri, 4 Oct 2019 15:54:46 +0000 (23:54 +0800)
committerJeffery To <jeffery.to@gmail.com>
Fri, 4 Oct 2019 15:54:46 +0000 (23:54 +0800)
commita3be5cfa92133fe79006f8b19b7606f4fbb64c57
treea8441fc5cc453520ecd1573da4a922a7e9513f70tree | snapshot
parent47d6d8e514db6c760c089e6273c58d53eb7e0089commit | diff
python,python3: Fix CVE-2019-16056, CVE-2019-16935

These patches address issues:
CVE-2019-16056: email.utils.parseaddr mistakenly parse an email
CVE-2019-16935: A reflected XSS in python/Lib/DocXMLRPCServer.py (for
Python 2.7)

CVE-2019-16935 was fixed for python3 in #10109

Links to Python issues:
https://bugs.python.org/issue34155
https://bugs.python.org/issue38243

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
lang/python/python/Makefile diff | blob | history
lang/python/python/patches/027-bpo-38243-Escape-the-server-title-of-DocXMLRPCServer.patch [new file with mode: 0644] blob
lang/python/python/patches/028-bpo-34155-Dont-parse-domains-containing-GH-13079.patch [new file with mode: 0644] blob
lang/python/python3/Makefile diff | blob | history
lang/python/python3/patches/028-bpo-34155-Dont-parse-domains-containing-GH-13079.patch [new file with mode: 0644] blob
Mirror of packages feed