FEDORA-EPEL-2020-19d171a465 — security update for python34: Security fix for CVE-2020-8492 — Fedora Updates System

stable

python34: Security fix for CVE-2020-8492

FEDORA-EPEL-2020-19d171a465 created by pviktori 5 years ago for Fedora EPEL 7

Security fix for CVE-2020-8492

This protects urllib HTTP clients against Regular Expression Denial of Service (ReDoS) attacks performed by a malicious server. Note that there is a change in behavior in handling responses with multiple WWW-Authenticate headers (which are quite rare; also Python's old behavior in these cases was definitely not correct).

This update has been submitted for testing by pviktori.

This update's test gating status has been changed to 'waiting'.

This update's test gating status has been changed to 'ignored'.

This update has been pushed to testing.

This update can be pushed to stable now if the maintainer wishes

churchyard commented & provided feedback 5 years ago

May I push this in?

This update has been submitted for stable by pviktori.

pviktori commented & provided feedback 5 years ago

Oops, I missed the notification. Pushed now.

This update has been pushed to stable.

Please log in to add feedback.

Metadata

Type

security

Severity

medium

Karma

0

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

3

Stable by Time

15 days

Dates

submitted

5 years ago

in testing

5 years ago

in stable

5 years ago

Builds

1

python34-3.4.10-5.el7

BZ#1809068 CVE-2020-8492 python34: python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS [epel-all]

0

0

python34-3.4.10-5.el7

Automated Test Results

ignored

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.11.2 on bodhi-web-13-nnx2h.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

• Composes • Legal • Privacy policy •