pool/python
SHA256
11
0
Fork 1
Code Issues Pull Requests Activity

Accepting request 700428 from home:mcepl:branches:devel:languages:python:Factory

Browse Source 
- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
  Address the issue by disallowing URL paths with embedded
  whitespace or control characters through into the underlying
  http client request. Such potentially malicious header
  injection URLs now cause a ValueError to be raised.

OBS-URL: https://build.opensuse.org/request/show/700428
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=243
This commit is contained in:
Matej Cepl
2019-05-03 15:46:24 +00:00
committed by Git OBS Bridge
parent 88ffffeead
commit 2f5ed5b585
5 changed files with 129 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
python-base.changes
View File

@@ -1,3 +1,12 @@
-------------------------------------------------------------------
Thu May 2 08:40:33 CEST 2019 - Matej Cepl <mcepl@suse.com>
- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
Address the issue by disallowing URL paths with embedded
whitespace or control characters through into the underlying
http client request. Such potentially malicious header
injection URLs now cause a ValueError to be raised.
-------------------------------------------------------------------
Mon Apr 8 22:40:01 CEST 2019 - Matej Cepl <mcepl@suse.com>