Security fix for CVE-2020-8492

This protects urllib HTTP clients against Regular Expression Denial of Service (ReDoS) attacks performed by a malicious server. Note that there is a change in behavior in handling responses with multiple WWW-Authenticate headers (which are quite rare; also Python's old behavior in these cases was definitely not correct).

This update has been submitted for testing by pviktori.

11 months ago

This update's test gating status has been changed to 'waiting'.

11 months ago

This update's test gating status has been changed to 'ignored'.

11 months ago

This update has been pushed to testing.

11 months ago

This update can be pushed to stable now if the maintainer wishes.

11 months ago
churchyard commented & provided feedback 9 months ago

May I push this in?

This update has been submitted for stable by pviktori.

8 months ago
pviktori commented & provided feedback 8 months ago

Oops, I missed the notification. Pushed now.

This update has been pushed to stable.

8 months ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 15 days

Dates
submitted: 11 months ago
in testing: 11 months ago
in stable: 8 months ago

BZ#1809068 CVE-2020-8492 python34: python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS [epel-all]