Merge issue 11662.

author: Guido van Rossum <guido@python.org> 2011-03-29 20:00:28 (GMT)
committer: Guido van Rossum <guido@python.org> 2011-03-29 20:00:28 (GMT)
commit: 3a4ea3d966862c721cbf963e549e4fa6eb7a49d2 (patch)
tree: ce0ecbaee5f2bb36007c685132f2757cea06adf7
parent: 69cfcabae3d72845d44e1078d25072fdbb02072c (diff)
parent: 20d2ab435e541f79a8e94d7b02696ee9f6e49c8d (diff)
download: cpython-3a4ea3d966862c721cbf963e549e4fa6eb7a49d2.zip
cpython-3a4ea3d966862c721cbf963e549e4fa6eb7a49d2.tar.gz
cpython-3a4ea3d966862c721cbf963e549e4fa6eb7a49d2.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index e8efa0e..f276cb3 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -139,6 +139,9 @@ Library
 - Issue #11666: let help() display named tuple attributes and methods
   that start with a leading underscore.
 
+- Issue #11662: Make urllib and urllib2 ignore redirections if the
+  scheme is not HTTP, HTTPS or FTP (CVE-2011-1521).
+
 - Issue #5537: Fix time2isoz() and time2netscape() functions of
   httplib.cookiejar for expiration year greater than 2038 on 32-bit systems.
author	Guido van Rossum <guido@python.org>	2011-03-29 20:00:28 (GMT)
committer	Guido van Rossum <guido@python.org>	2011-03-29 20:00:28 (GMT)
commit	3a4ea3d966862c721cbf963e549e4fa6eb7a49d2 (patch)
tree	ce0ecbaee5f2bb36007c685132f2757cea06adf7
parent	69cfcabae3d72845d44e1078d25072fdbb02072c (diff)
parent	20d2ab435e541f79a8e94d7b02696ee9f6e49c8d (diff)
download	cpython-3a4ea3d966862c721cbf963e549e4fa6eb7a49d2.zip cpython-3a4ea3d966862c721cbf963e549e4fa6eb7a49d2.tar.gz cpython-3a4ea3d966862c721cbf963e549e4fa6eb7a49d2.tar.bz2