CVE-2011-1521

Priority
Description
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before
3.2.1 process Location headers that specify redirection to file: URLs,
which makes it easier for remote attackers to obtain sensitive information
or cause a denial of service (resource consumption) via a crafted URL, as
demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
Notes
 jdstrand> also needs a testcase fix
Assigned-to
jdstrand
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-0492.html
Package
Upstream: released (2.6.7)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2011-0554.html
Upstream: http://hg.python.org/cpython/rev/9eeda8e3a13f/ (pt1)
Upstream: http://hg.python.org/cpython/rev/90ec0bc01f3b (pt2)
Package
Upstream: released (2.7.2)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (2.7.2~rc1-2)
Patches:
Upstream: http://hg.python.org/cpython/rev/b2934d98dac1/ (pt1)
Upstream: http://hg.python.org/cpython/rev/34d5d794ccc1 (pt2)
Package
Upstream: released (3.1.4 rc1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Patches:
Upstream: http://hg.python.org/cpython/rev/5937d2119a20
Package
Upstream: released (3.2.1)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (3.2.1~rc1-1)
Patches:
Upstream: http://hg.python.org/cpython/rev/968bca2cab60

Updated: 2019-01-14 21:57:08 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)