projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 58d0bc2) | patch
package/python3: add upstream security fix for CVE-2019-10160
authorPeter Korsgaard <peter@korsgaard.com>
Sun, 16 Jun 2019 21:17:11 +0000 (23:17 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Mon, 17 Jun 2019 19:05:31 +0000 (21:05 +0200)
commitb57490563c065e813e176173017e45dbd764939b
tree49f46fa12f47e4288912ce8a742ea50f641a17e3tree
parent58d0bc2f29fa427aa07876783dbc89e92b5e4302commit | diff
package/python3: add upstream security fix for CVE-2019-10160

Fixes CVE-2019-10160: urlsplit does not handle NFKC normalization (2nd fix)

While the fix for CVE-2019-9936 is included in 3.7.3, the followup
regression fixes unfortunatly aren't.

https://bugs.python.org/issue36742

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/python3/0033-bpo-36742-Fixes-handling-of-pre-normalization-charac.patch [new file with mode: 0644] blob
package/python3/0034-bpo-36742-Corrects-fix-to-handle-decomposition-in-us.patch [new file with mode: 0644] blob