PublicDateAtUSN: 2011-05-24
Candidate: CVE-2011-1521

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
https://usn.ubuntu.com/usn/usn-1314-1
https://usn.ubuntu.com/usn/usn-1592-1
https://usn.ubuntu.com/usn/usn-1596-1
https://usn.ubuntu.com/usn/usn-1613-1
https://usn.ubuntu.com/usn/usn-1613-2

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before
3.2.1 process Location headers that specify redirection to file: URLs,
which makes it easier for remote attackers to obtain sensitive information
or cause a denial of service (resource consumption) via a crafted URL, as
demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

jdstrand> also needs a testcase fix

http://bugs.python.org/issue11662
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/909556

Discovered-by: Niels Heinen

upstream: http://hg.python.org/cpython/rev/b2934d98dac1/ (pt1)
upstream: http://hg.python.org/cpython/rev/34d5d794ccc1 (pt2)
upstream_python2.7: released (2.7.2)
maverick_python2.7: ignored (reached end-of-life)
natty_python2.7: released (2.7.1-5ubuntu2.2)
oneiric_python2.7: not-affected (2.7.2~rc1-2)
precise_python2.7: not-affected (2.7.2~rc1-2)
devel_python2.7: not-affected (2.7.2~rc1-2)

vendor: https://rhn.redhat.com/errata/RHSA-2011-0554.html
upstream: http://hg.python.org/cpython/rev/9eeda8e3a13f/ (pt1)
upstream: http://hg.python.org/cpython/rev/90ec0bc01f3b (pt2)
upstream_python2.6: released (2.6.7)
lucid_python2.6: released (2.6.5-1ubuntu6.1)
maverick_python2.6: ignored (reached end-of-life)
natty_python2.6: released (2.6.6-6ubuntu7.1)
oneiric_python2.6: not-affected (2.6.7-4ubuntu1)
precise_python2.6: DNE

upstream: http://hg.python.org/cpython/rev/dd852a0f92d6 (pt1)
upstream: http://hg.python.org/cpython/rev/ca3b117c40f3 (pt2)
upstream: http://hg.python.org/cpython/rev/9d06d5eb1a7e (pt3)
upstream: http://hg.python.org/cpython/rev/90ec0bc01f3b (pt4, backport from 2.6)
upstream_python2.5: needs-triage
hardy_python2.5: released (2.5.2-2ubuntu6.2)
maverick_python2.5: DNE
oneiric_python2.5: DNE
precise_python2.5: DNE

vendor: https://rhn.redhat.com/errata/RHSA-2011-0492.html
upstream_python2.4: needs-triage
dapper_python2.4: ignored (reached end-of-life)
hardy_python2.4: released (2.4.5-1ubuntu4.4)
maverick_python2.4: DNE
oneiric_python2.4: DNE
precise_python2.4: DNE

upstream: http://hg.python.org/cpython/rev/968bca2cab60
upstream_python3.2: released (3.2.1)
maverick_python3.2: DNE
natty_python3.2: released (3.2-1ubuntu1.1)
oneiric_python3.2: not-affected (3.2.1~rc1-1)
precise_python3.2: not-affected (3.2.1~rc1-1)
devel_python3.2: not-affected (3.2.1~rc1-1)

upstream: http://hg.python.org/cpython/rev/5937d2119a20
upstream_python3.1: released (3.1.4 rc1)
lucid_python3.1: released (3.1.2-0ubuntu3.1)
maverick_python3.1: released (3.1.2+20100915-0ubuntu4.1)
natty_python3.1: released (3.1.3-1ubuntu1.1)
oneiric_python3.1: DNE
precise_python3.1: DNE