Filenames passed to the UU encoding methods (uu.py and uu_codec.py) that contain a newline character will overflow data into the UU content section. This can potentially be used to inject, replace or corrupt data content in a file during the decode process.
The fix removes newline characters from filenames.
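The overflow described above, as an added example that is not CPython's own code: a minimal UU writer and line-oriented reader built on binascii, run over a constructed filename with and without sanitization. The function names, the sample values and the choice to escape CR/LF as the way of neutralizing them are assumptions of this example.

```python
import binascii

def uu_encode(data, name, mode=0o644, sanitize=True):
    """Minimal uuencode writer using the 'begin <mode> <name>' header line."""
    if sanitize:
        # Escape CR/LF so the filename cannot end the header line early.
        name = name.replace("\n", "\\n").replace("\r", "\\r")
    out = [("begin %o %s\n" % (mode & 0o777, name)).encode("ascii")]
    for i in range(0, len(data), 45):          # 45 input bytes per body line
        out.append(binascii.b2a_uu(data[i:i + 45]))
    out.append(b" \nend\n")
    return b"".join(out)

def uu_decode(blob):
    """Minimal line-oriented decoder; returns (name, payload)."""
    lines = blob.split(b"\n")
    fields = lines[0].split(b" ", 2)
    if len(fields) != 3 or fields[0] != b"begin":
        raise ValueError("no valid begin line")
    payload = bytearray()
    for line in lines[1:]:
        if line.strip() == b"end":
            break
        payload += binascii.a2b_uu(line)
    return fields[2], bytes(payload)

# Constructed sample input: a filename holding a newline followed by one
# uuencoded line, and the data the caller actually meant to encode.
SAMPLE_DATA = b"quarterly figures"
CONSTRUCTED_NAME = "a.txt\n" + binascii.b2a_uu(b"INJECTED").decode("ascii").rstrip("\n")

if __name__ == "__main__":
    for sanitize in (False, True):
        blob = uu_encode(SAMPLE_DATA, CONSTRUCTED_NAME, sanitize=sanitize)
        print("sanitize=%s ->" % sanitize, uu_decode(blob))
```

Without sanitization the decoded payload no longer equals the data that was encoded, because the text after the newline is read as a body line; with it, the header stays on one line and the payload round-trips.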
Dates:
Disclosure date: 2019-11-30 (Python issue bpo-38945 reported)
Reported at: 2019-11-28 (PSRT list)
Reported by: Matthew Rollings
Python 2.7.18 (2020-04-19) fixed by commit a016d4e (branch 2.7) (2019-12-03)
Python 3.5.10 (2020-09-05) fixed by commit 8835f46 (branch 3.5) (2020-03-21)
Python 3.6.10 (2019-12-18) fixed by commit 30afc91 (branch 3.6) (2019-12-02)
Python 3.7.6 (2019-12-18) fixed by commit 87f2d26 (branch 3.7) (2019-12-02)
Python 3.8.1 (2019-12-18) fixed by commit 8859fc6 (branch 3.8) (2019-12-02)
Python 3.9.0 (2020-10-05) fixed by commit a62ad47 (branch 3.9) (2019-12-02)
Remove newline characters from uu encoding methods.
Python issue: bpo-38945
Creation date: 2019-11-30
Reporter: stealthcopter
Timeline using the disclosure date 2019-11-30 as reference:
2019-11-28 (-2 days): Reported (PSRT list)
2019-11-30: Python issue bpo-38945 reported by stealthcopter
2019-12-02 (+2 days): commit 30afc91 (branch 3.6)
2019-12-02 (+2 days): commit 87f2d26 (branch 3.7)
2019-12-02 (+2 days): commit 8859fc6 (branch 3.8)
2019-12-02 (+2 days): commit a62ad47 (branch 3.9)
2019-12-03 (+3 days): commit a016d4e (branch 2.7)
2019-12-18 (+18 days): Python 3.6.10 released
2019-12-18 (+18 days): Python 3.7.6 released
2019-12-18 (+18 days): Python 3.8.1 released
2020-03-21 (+112 days): commit 8835f46 (branch 3.5)
2020-04-19 (+141 days): Python 2.7.18 released
2020-09-05 (+280 days): Python 3.5.10 released
2020-10-05: Python 3.9.0 released