[Buildroot] [PATCH] package/python-urllib3: security bump to 1.25.9

Peter Korsgaard peter at korsgaard.com
Wed Jul 22 07:05:43 UTC 2020


>>>>> "Matt" == Matt Weber <matthew.weber at rockwellcollins.com> writes:

 > Fixes CVE-2020-7212 (1.25.2 - 1.25.7)
 > The _encode_invalid_chars function does not remove duplicate percent
 > encodings in the _percent_encodings array, which combined with the
 > normalization step could take O(N^2) time to compute for a URL of
 > length N. This results in a marginally higher CPU consumption
 > compared to the potential linear time achieved by deduplicating
 > the _percent_encodings array.

 > CC: Peter Korsgaard <peter at korsgaard.com>
 > Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>
 > --

 > Also applies to 2020.02.x

Committed to 2020.02.x and 2020.05.x, thanks.

-- 
Bye, Peter Korsgaard
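
The quadratic behaviour described in the quoted commit message, shown as an added example that is not part of the original thread and is not urllib3's code. It is a simplified model of percent-encoding normalization; the function names, the regex and the pass counter are assumptions made for illustration.

```python
import re

# Constructed stand-in for a "percent-encoded byte" pattern (assumption).
PERCENT_RE = re.compile(r"%[0-9A-Fa-f]{2}")


def normalize_per_match(component):
    """Model of the slow shape: one whole-string replace() per match found.

    Duplicates are kept in the match list, so a component holding N
    encodings triggers up to N passes over a string of length ~N: O(N^2).
    Returns (normalized, passes).
    """
    passes = 0
    for enc in PERCENT_RE.findall(component):
        if not enc.isupper():
            component = component.replace(enc, enc.upper())
            passes += 1
    return component, passes


def normalize_deduplicated(component):
    """Same result, but each distinct encoding is handled once.

    The number of distinct three-character encodings is bounded by a
    constant, so the number of passes no longer grows with the input.
    """
    passes = 0
    for enc in set(PERCENT_RE.findall(component)):
        if enc != enc.upper():
            component = component.replace(enc, enc.upper())
            passes += 1
    return component, passes


def normalize_single_pass(component):
    """Alternative: uppercase every encoding in one regex substitution."""
    return PERCENT_RE.sub(lambda m: m.group(0).upper(), component)


if __name__ == "__main__":
    for n in (100, 1000, 10000):
        sample = "%3a" * n  # constructed input: n duplicate encodings
        _, slow = normalize_per_match(sample)
        _, fast = normalize_deduplicated(sample)
        print(f"n={n}: per-match passes={slow}, deduplicated passes={fast}")
```
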


