[Buildroot] [PATCH] package/python-urllib3: security bump to 1.25.9
Peter Korsgaard
peter at korsgaard.com
Wed Jul 22 07:05:43 UTC 2020
>>>>> "Matt" == Matt Weber <matthew.weber at rockwellcollins.com> writes:
> Fixes CVE-2020-7212 (1.25.2 - 1.25.7)
> The _encode_invalid_chars function does not remove duplicate percent
> encodings in the _percent_encodings array, which combined with the
> normalization step could take O(N^2) time to compute for a URL of
> length N. This results in a marginally higher CPU consumption
> compared to the potential linear time achieved by deduplicating
> the _percent_encodings array.
> CC: Peter Korsgaard <peter at korsgaard.com>
> Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>
> --
> Also applies to 2020.02.x
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard
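
Added example, not part of the original message and not urllib3's own code: a simplified Python model of the normalization step the commit message describes, comparing the characters scanned by a replace-per-match loop with the same loop over deduplicated encodings, plus a single-pass regex substitution as an alternative. The names `PERCENT`, `normalize_*` and `work_table` are hypothetical and the inputs are constructed.

```python
import re

# Pattern for one percent-encoded byte (assumption, not copied from urllib3).
PERCENT = re.compile(r"%[0-9A-Fa-f]{2}")


def normalize_per_match(component):
    """Model of the slow path: one full-string replace per match found."""
    scanned = 0  # characters walked by str.replace, used as a work estimate
    for enc in PERCENT.findall(component):
        if not enc.isupper():
            scanned += len(component)
            component = component.replace(enc, enc.upper())
    return component, scanned


def normalize_deduplicated(component):
    """Same loop, but over the distinct encodings only."""
    scanned = 0
    for enc in set(PERCENT.findall(component)):
        if not enc.isupper():
            scanned += len(component)
            component = component.replace(enc, enc.upper())
    return component, scanned


def normalize_single_pass(component):
    """Alternative: upper-case every match in one regex substitution."""
    return PERCENT.sub(lambda m: m.group(0).upper(), component)


def work_table(sizes=(100, 200, 400)):
    """Return (n, per_match_work, dedup_work) for n repeats of one encoding."""
    rows = []
    for n in sizes:
        component = "%aa" * n  # constructed sample input
        out_slow, slow = normalize_per_match(component)
        out_fast, fast = normalize_deduplicated(component)
        # All three variants must produce the same normalized string.
        assert out_slow == out_fast == normalize_single_pass(component)
        rows.append((n, slow, fast))
    return rows


if __name__ == "__main__":
    for n, slow, fast in work_table():
        print(f"n={n:4d}  per-match work={slow:7d}  dedup work={fast:5d}")
```

Doubling `n` quadruples the per-match work estimate and only doubles the deduplicated one, which is the O(N^2) versus linear difference the advisory text refers to.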