Issue 11662: Fix vulnerability in urllib/urllib2.

(This version is a cleaned-up backport of a fix by Senthil Kumaran.)
author: guido@google.com <guido@google.com> 2011-03-29 18:41:02 (GMT)
committer: guido@google.com <guido@google.com> 2011-03-29 18:41:02 (GMT)
commit: a119df91f33724f64e6bc1ecb484eeaa30ace014 (patch)
tree: be27f880b0ed6fdf79367fddc1c58019f07ca4ac /Misc
parent: b938c8c25316b69f1d5df2c7880a9f6b87e7c2fa (diff)
download: cpython-a119df91f33724f64e6bc1ecb484eeaa30ace014.zip
cpython-a119df91f33724f64e6bc1ecb484eeaa30ace014.tar.gz
cpython-a119df91f33724f64e6bc1ecb484eeaa30ace014.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index fca77ef..91d9ce6 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -44,6 +44,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #11662: Make urllib and urllib2 ignore redirections if the
+  scheme is not HTTP, HTTPS or FTP (CVE-2011-1521).
+
 - Issue #5537: Fix time2isoz() and time2netscape() functions of
   httplib.cookiejar for expiration year greater than 2038 on 32-bit systems.
author	guido@google.com <guido@google.com>	2011-03-29 18:41:02 (GMT)
committer	guido@google.com <guido@google.com>	2011-03-29 18:41:02 (GMT)
commit	a119df91f33724f64e6bc1ecb484eeaa30ace014 (patch)
tree	be27f880b0ed6fdf79367fddc1c58019f07ca4ac /Misc
parent	b938c8c25316b69f1d5df2c7880a9f6b87e7c2fa (diff)
download	cpython-a119df91f33724f64e6bc1ecb484eeaa30ace014.zip cpython-a119df91f33724f64e6bc1ecb484eeaa30ace014.tar.gz cpython-a119df91f33724f64e6bc1ecb484eeaa30ace014.tar.bz2