Message 291988 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	corona10
Recipients	corona10
Date	2017-04-20.17:57:20
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1492711040.26.0.220875177269.issue30119@psf.upfronthosting.co.za>
In-reply-to

Content
It was discovered that the FTP client implementation in the Networking component of Python failed to correctly handle user inputs. A remote attacker could possibly use this flaw to manipulate an FTP connection opened by a Python application if it could make it access a specially crafted FTP URL. See http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html and https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-3533 I upload the patch for this issue.

It was discovered that the FTP client implementation in the Networking component of Python failed to correctly handle user inputs. 
A remote attacker could possibly use this flaw to manipulate an FTP connection opened by a Python application if it could make it access a specially crafted FTP URL.

See 
http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html

and https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-3533

I upload the patch for this issue.

History
Date	User	Action	Args
2017-04-20 17:57:20	corona10	set	recipients: + corona10
2017-04-20 17:57:20	corona10	set	messageid: <1492711040.26.0.220875177269.issue30119@psf.upfronthosting.co.za>
2017-04-20 17:57:20	corona10	link	issue30119 messages
2017-04-20 17:57:20	corona10	create