granicus.if.org Git - python/commit

]> granicus.if.org Git - python/commit

author	Senthil Kumaran <senthil@uthcode.com>
	Sun, 31 Jul 2016 06:34:34 +0000 (23:34 -0700)
committer	Senthil Kumaran <senthil@uthcode.com>
	Sun, 31 Jul 2016 06:34:34 +0000 (23:34 -0700)
commit	436fe5a447abb69e5e5a4f453325c422af02dcaa
tree	6087c6640f2e39e4e8bd1e7b7b6490e8e0b7f324	tree \| snapshot
parent	b7b5d35545d2d078e868cbda485bc4651edec4ff	commit \| diff
parent	4cbb23f8f278fd1f71dcd5968aa0b3f0b4f3bd5d	commit \| diff

[merge from 3.3] Prevent HTTPoxy attack (CVE-2016-1000110)

Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
indicates that the script is in CGI mode.

Issue #27568 Reported and patch contributed by Rémi Rampin.

Doc/howto/urllib2.rst	diff1 \|	diff2 \|	blob \| history
Doc/library/urllib.request.rst	diff1 \|	diff2 \|	blob \| history
Lib/test/test_urllib.py	diff1 \|	diff2 \|	blob \| history
Lib/urllib/request.py	diff1 \|	diff2 \|	blob \| history
Misc/NEWS	diff1 \|	diff2 \|	blob \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom

Doc/howto/urllib2.rst	diff1 \|	diff2 \|	blob \| history
Doc/library/urllib.request.rst	diff1 \|	diff2 \|	blob \| history
Lib/test/test_urllib.py	diff1 \|	diff2 \|	blob \| history
Lib/urllib/request.py	diff1 \|	diff2 \|	blob \| history
Misc/NEWS	diff1 \|	diff2 \|	blob \| history