[Buildroot] [PATCH-2019.02.x] package/python3-urllib: security bump to version 1.24.3

Peter Korsgaard peter at korsgaard.com
Wed Aug 28 15:15:31 UTC 2019


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security vulnerability:
 > CVE-2019-9740: An issue was discovered in urllib2 in Python 2.x through
 > 2.7.16 and urllib in Python 3.x through 3.7.3.  CRLF injection is possible
 > if the attacker controls a url parameter, as demonstrated by the first
 > argument to urllib.request.urlopen with \r\n (specifically in the query
 > string after a ?  character) followed by an HTTP header or a Redis command.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2019.02.x and 2019.05.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list