CVE-2011-1521

Priority
Description
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before
3.2.1 process Location headers that specify redirection to file: URLs,
which makes it easier for remote attackers to obtain sensitive information
or cause a denial of service (resource consumption) via a crafted URL, as
demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
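The description above comes down to a client following a server-supplied Location header into a non-web URL scheme. As an added illustration (not the upstream patches listed on this page, and not Ubuntu's code), the following Python 3 sketch checks a redirect target against a scheme allowlist before it is followed; the names `ALLOWED_REDIRECT_SCHEMES`, `resolve_redirect`, `SchemeCheckingRedirectHandler` and `build_checked_opener`, the `example.test` host, and the choice of allowing only http and https are assumptions made for the example.

```python
# Added example: refuse HTTP redirects whose target is not a web URL.
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Assumption: the application only ever needs to follow web redirects.
ALLOWED_REDIRECT_SCHEMES = {"http", "https"}


def resolve_redirect(base_url, location):
    """Resolve a Location header value against the request URL.

    Returns the absolute target, or raises ValueError when the resulting
    scheme is not allowlisted (file:, and anything else unexpected).
    """
    target = urljoin(base_url, location.strip())
    scheme = urlsplit(target).scheme.lower()  # urlsplit normalises case
    if scheme not in ALLOWED_REDIRECT_SCHEMES:
        raise ValueError("redirect to %r scheme refused: %s" % (scheme, target))
    return target


class SchemeCheckingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Redirect handler that applies resolve_redirect() before following."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        try:
            resolve_redirect(req.full_url, newurl)
        except ValueError as exc:
            # Surface the refusal as the HTTP error the caller already handles.
            raise urllib.error.HTTPError(newurl, code, str(exc), headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_checked_opener():
    """Opener whose redirect handling is replaced by the checking handler."""
    return urllib.request.build_opener(SchemeCheckingRedirectHandler)
```

Relative Location values are resolved first, so a same-site redirect such as `/login` passes while an absolute `file:` target is rejected regardless of letter case.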
Assigned-to
jdstrand
Notes
jdstrand: also needs a testcase fix
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-0492.html
Package
Upstream: released (2.6.7)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-0554.html
Upstream: http://hg.python.org/cpython/rev/9eeda8e3a13f/ (pt1)
Upstream: http://hg.python.org/cpython/rev/90ec0bc01f3b (pt2)
Package
Upstream: released (2.7.2)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2.7.2~rc1-2)
Patches:
Upstream: http://hg.python.org/cpython/rev/b2934d98dac1/ (pt1)
Upstream: http://hg.python.org/cpython/rev/34d5d794ccc1 (pt2)
Package
Upstream: released (3.1.4 rc1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Patches:
Upstream: http://hg.python.org/cpython/rev/5937d2119a20
Package
Upstream: released (3.2.1)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (3.2.1~rc1-1)
Patches:
Upstream: http://hg.python.org/cpython/rev/968bca2cab60
Updated: 2019-12-05 20:56:58 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)