NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e310dccbee
kumquat-buildroot/package/python-httplib2/python-httplib2.hash
Fabrice Fontaine 6c0c05d6d5 package/python-httplib2: security bump to version 0.19.1 
- Fix CVE-2021-21240: httplib2 is a comprehensive HTTP client library
  for Python. In httplib2 before version 0.19.0, a malicious server
  which responds with long series of "\xa0" characters in the
  "www-authenticate" header may cause Denial of Service (CPU burn while
  parsing header) of the httplib2 client accessing said server. This is
  fixed in version 0.19.0 which contains a new implementation of auth
  headers parsing using the pyparsing library.
- Fix CVE-2020-11078: In httplib2 before version 0.18.0, an attacker
  controlling unescaped part of uri for `httplib2.Http.request()` could
  change request headers and body, send additional hidden requests to
  same server. This vulnerability impacts software that uses httplib2
  with uri constructed by string concatenation, as opposed to proper
  urllib building with escaping. This has been fixed in 0.18.0.
- Use LICENSE file instead of PKG-INFO
- pyparsing is a runtime dependency since version 0.19.0 and
  bd9ee252c8

https://github.com/httplib2/httplib2/blob/v0.19.1/CHANGELOG

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2050b4869d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-25 08:50:38 +02:00

6 lines
332 B
Plaintext
Raw Blame History

# md5, sha256 from https://pypi.org/pypi/httplib2/json
md5 de7f5e3a4adb3105889867327bdd39dc httplib2-0.19.1.tar.gz
sha256 0b12617eeca7433d4c396a100eaecfa4b08ee99aa881e6df6e257a7aad5d533d httplib2-0.19.1.tar.gz
# Locally computed sha256 checksums
sha256 589eec38f72df2be203711d3b8cbece9b908c5e7ff00bc3cab7f63bae9e366b4 LICENSE
Reference in New Issue View Git Blame Copy Permalink