Tags · linuxsy/cpython

fedora-2.7.18-6

00354-cve-2020-26116-http-request-method-crlf-injection-in-httplib.patch

00354 #
Reject control chars in HTTP method in httplib.putrequest to prevent
HTTP header injection

Backported from Python 3.5-3.10 (and adjusted for py2's single-module httplib):
- https://bugs.python.org/issue39603
- python#18485 (3.10)
- python#21946 (3.5)

Co-authored-by: AMIR <31338382+amiremohamadi@users.noreply.github.com>

Sep 30, 2020
2da5f0e
zip
tar.gz

fedora-2.7.18-5

00351-cve-2019-20907-fix-infinite-loop-in-tarfile.patch

00351 #
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
(CVE-2019-20907).
See: https://bugs.python.org/issue39017