projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b60caa4) | patch
python: Fix CVE-2019-16056, CVE-2019-16935 10155/head
authorJeffery To <jeffery.to@gmail.com>
Fri, 4 Oct 2019 16:58:08 +0000 (00:58 +0800)
committerJeffery To <jeffery.to@gmail.com>
Fri, 4 Oct 2019 16:58:08 +0000 (00:58 +0800)
commitdad9a1a2a4a1720537e91ac9c125721ec4996eea
tree8d06ff5a94b48719bb0ed8a94bde9bceb163ce1atree | snapshot
parentb60caa494026704fb4277d64aebc2f6e960c32e0commit | diff
python: Fix CVE-2019-16056, CVE-2019-16935

These patches address issues:
CVE-2019-16056: email.utils.parseaddr mistakenly parse an email
CVE-2019-16935: A reflected XSS in python/Lib/DocXMLRPCServer.py

Links to Python issues:
https://bugs.python.org/issue34155
https://bugs.python.org/issue38243

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
lang/python/python/Makefile diff | blob | history
lang/python/python/patches/027-bpo-38243-Escape-the-server-title-of-DocXMLRPCServer.patch [new file with mode: 0644] blob
lang/python/python/patches/028-bpo-34155-Dont-parse-domains-containing-GH-13079.patch [new file with mode: 0644] blob
Mirror of packages feed