Merge urllib/urllib2 security fix from 2.5 branch.

author: guido@google.com <guido@google.com> 2011-03-29 17:48:23 (GMT)
committer: guido@google.com <guido@google.com> 2011-03-29 17:48:23 (GMT)
commit: 9a9fdfad59adb864ddd8f1227aada0c24b9d007b (patch)
tree: 8edd271a7843d949972e1ca6675beabefe491ec1 /Misc
parent: f23c515e5b932ee26c3eaa95bf0447fbe43b2c47 (diff)
parent: 92ecb8737b9c708268c6451a01835192c181b721 (diff)
download: cpython-9a9fdfad59adb864ddd8f1227aada0c24b9d007b.zip
cpython-9a9fdfad59adb864ddd8f1227aada0c24b9d007b.tar.gz
cpython-9a9fdfad59adb864ddd8f1227aada0c24b9d007b.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 449348e..2819a69 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,8 @@ What's New in Python 2.6.7?
 *NOTE: Python 2.6 is in security-fix-only mode.  No non-security bug fixes are
  allowed.  Python 2.6.7 and beyond will be source only releases.*
 
+- Issue #11662: Make urllib and urllib2 ignore redirections if the
+  scheme is not HTTP, HTTPS or FTP (CVE-2011-1521).
 
 Core and Builtins
 -----------------
author	guido@google.com <guido@google.com>	2011-03-29 17:48:23 (GMT)
committer	guido@google.com <guido@google.com>	2011-03-29 17:48:23 (GMT)
commit	9a9fdfad59adb864ddd8f1227aada0c24b9d007b (patch)
tree	8edd271a7843d949972e1ca6675beabefe491ec1 /Misc
parent	f23c515e5b932ee26c3eaa95bf0447fbe43b2c47 (diff)
parent	92ecb8737b9c708268c6451a01835192c181b721 (diff)
download	cpython-9a9fdfad59adb864ddd8f1227aada0c24b9d007b.zip cpython-9a9fdfad59adb864ddd8f1227aada0c24b9d007b.tar.gz cpython-9a9fdfad59adb864ddd8f1227aada0c24b9d007b.tar.bz2