Accepting request 919259 from devel:languages:python:Factory

- bpo-44022 (bsc#1189241, CVE-2021-3737): http.client now
  avoids infinitely reading potential HTTP headers after
  a 100 Continue status response from the server.
- bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular
  Expression Denial of Service (ReDoS) vulnerability in
  urllib.request.AbstractBasicAuthHandler. The
  ReDoS-vulnerable regex has quadratic worst-case complexity
  and it allows causing a denial of service when identifying
  crafted invalid RFCs. This ReDoS issue is on the client
  side and needs remote attackers to control the HTTP server.

OBS-URL: https://build.opensuse.org/request/show/919259
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python39?expand=0&rev=22
Dominique Leuenberger 2021-09-20 21:32:04 +00:00 committed by Git OBS Bridge
commit b3f4fa91cb

@ -239,9 +239,9 @@ Mon Aug 9 11:14:15 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Update to 3.9.6:
* Security
- bpo-44022: mod:http.client now avoids infinitely reading
potential HTTP headers after a 100 Continue status response
from the server.
- bpo-44022 (bsc#1189241, CVE-2021-3737): http.client now
avoids infinitely reading potential HTTP headers after
a 100 Continue status response from the server.
* Core and Builtins
- bpo-44168: Fix error message in the parser involving keyword
arguments with invalid expressions. Patch by Pablo Galindo
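Review bot: the replacement bpo-44022 entry lists its references as "(bsc#1189241, CVE-2021-3737)", Bugzilla id first, while the bpo-43075 entry changed in the same commit uses "(CVE-2021-3733, bsc#1189287)", CVE first. Pick one order for both entries so the tags are easy to grep and compare. Dropping the stray "mod:" prefix from the old wording is a sensible cleanup. This also rewrites the entry dated Mon Aug 9 2021 in place, and the diff adds no new dated entry recording when the CVE reference was attached, so the changelog alone will not show that the annotation came later.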
@ -350,13 +350,13 @@ Wed May 5 15:16:58 UTC 2021 - Matej Cepl <mcepl@suse.com>
notatation. glibc implementation of modern inet_pton() does
not accept any leading zeros. For a while the ipaddress
module used to accept ambiguous leading zeros.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
vulnerability in urllib.request.AbstractBasicAuthHandler.
The ReDoS-vulnerable regex has quadratic worst-case
complexity and it allows cause a denial of service when
identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the
HTTP server.
- bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular
Expression Denial of Service (ReDoS) vulnerability in
urllib.request.AbstractBasicAuthHandler. The
ReDoS-vulnerable regex has quadratic worst-case complexity
and it allows cause a denial of service when identifying
crafted invalid RFCs. This ReDoS issue is on the client
side and needs remote attackers to control the HTTP server.
- bpo-42800: Audit hooks are now fired for frame.f_code,
traceback.tb_frame, and generator code/frame attribute
access.
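Review bot: the rewritten bpo-43075 entry carries over "it allows cause a denial of service when identifying crafted invalid RFCs" unchanged. Since the paragraph is being rewrapped anyway, either fix the grammar or keep it deliberately verbatim from upstream and say so. The unchanged context at the top of the hunk has "notatation", which could be corrected in the same pass. As with the other hunk, the CVE and bsc tags are added to the entry dated Wed May 5 2021 rather than through a new dated entry.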