diff options
author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2021-03-29 08:40:53 -0700 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2021-04-03 01:26:39 +0200 |
commit | 9bb39802fe1df2acc30e24871235f0ed8824ae3f (patch) | |
tree | 8dad43b739e1bb1f3879e940f4e64ea2970df677 /Lib/crypt.py | |
parent | [3.6] bpo-43285 Make ftplib not trust the PASV response. (GH-24838) (GH-24881... (diff) | |
download | cpython-gentoo-3.6.13_p1.tar.gz cpython-gentoo-3.6.13_p1.tar.bz2 cpython-gentoo-3.6.13_p1.zip |
bpo-42988: Remove the pydoc getfile feature (GH-25015) (GH-25067)gentoo-3.6.13_p1
CVE-2021-3426: Remove the "getfile" feature of the pydoc module which
could be abused to read arbitrary files on the disk (directory
traversal vulnerability). Moreover, even source code of Python
modules can contain sensitive data like passwords. Vulnerability
reported by David Schwörer.
(cherry picked from commit 9b999479c0022edfc9835a8a1f06e046f3881048)
Co-authored-by: Victor Stinner <vstinner@python.org>
Diffstat (limited to 'Lib/crypt.py')
0 files changed, 0 insertions, 0 deletions