git.openwrt.org Git - feed/packages.git/commit

author	Jeffery To <jeffery.to@gmail.com>
	Sun, 2 Jun 2019 16:38:53 +0000 (00:38 +0800)
committer	Jeffery To <jeffery.to@gmail.com>
	Sun, 2 Jun 2019 16:38:53 +0000 (00:38 +0800)
commit	9331fbb1a055bf73a52b51b9f7fc1558d93dad66
tree	400f3164c4af6f22ed39eca79ce35a9c2e0cdc55	tree \| snapshot
parent	982c389732d2d0589d15cfc1835e289275140c8c	commit \| diff

python,python3: Fix CVE-2019-9740 and CVE-2019-9947

These patches address issues:
CVE-2019-9740: Python urllib CRLF injection vulnerability
CVE-2019-9947: Header Injection in urllib

Links to Python issues:
https://bugs.python.org/issue36276 (resolved duplicated of 30458)
https://bugs.python.org/issue35906 (resolved duplicated of 30458)
https://bugs.python.org/issue30458

Issue 30458 is still currently open, waiting for a decision for
Python 3.5; these patches for Python 2.7 and 3.7 have been merged.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>

lang/python/python/Makefile		diff \| blob \| history
lang/python/python/patches/022-bpo-30458-Disallow-control-chars-in-http-URLs-GH-13315.patch	[new file with mode: 0644]	blob
lang/python/python3/Makefile		diff \| blob \| history
lang/python/python3/patches/022-bpo-30458-Disallow-control-chars-in-http-URLs-GH-13154.patch	[new file with mode: 0644]	blob