[Buildroot] [PATCH-2019.02.x] package/python3-urllib: security bump to version 1.24.3
Peter Korsgaard
peter at korsgaard.com
Wed Aug 28 15:15:31 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security vulnerability:
> CVE-2019-9740: An issue was discovered in urllib2 in Python 2.x through
> 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible
> if the attacker controls a url parameter, as demonstrated by the first
> argument to urllib.request.urlopen with \r\n (specifically in the query
> string after a ? character) followed by an HTTP header or a Redis command.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.02.x and 2019.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list