oss-sec mailing list archives

Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes

From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Mon, 28 Mar 2011 10:27:49 -0400 (EDT)


On Thu, 24 Mar 2011, Jan Lieskovsky wrote:

 A security flaw was found in the way handlers for ftp:// and
file:// URL schemes in the Python urllib and urllib2 extensible
libraries processed the urllib open URL request.

...

References:
[1] http://bugs.python.org/issue11662
[2] https://bugzilla.redhat.com/show_bug.cgi?id=690560



Use CVE-2011-1521

- Steve

Current thread:

CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes Jan Lieskovsky (Mar 24)
- Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes Steven M. Christey (Mar 28)