Issue 11662: Fix vulnerability in urllib/urllib2. (This version is a cleaned-up backport of a fix by Senthil Kumaran.)

commit: a119df91f33724f64e6bc1ecb484eeaa30ace014 [log] [tgz]
author: guido@google.com <guido@google.com> Tue Mar 29 11:41:02 2011 -0700
committer: guido@google.com <guido@google.com> Tue Mar 29 11:41:02 2011 -0700
tree: be27f880b0ed6fdf79367fddc1c58019f07ca4ac
parent: b938c8c25316b69f1d5df2c7880a9f6b87e7c2fa [diff] [blame]
diff --git a/Misc/NEWS b/Misc/NEWS
index fca77ef..91d9ce6 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -44,6 +44,9 @@
 Library
 -------
 
+- Issue #11662: Make urllib and urllib2 ignore redirections if the
+  scheme is not HTTP, HTTPS or FTP (CVE-2011-1521).
+
 - Issue #5537: Fix time2isoz() and time2netscape() functions of
   httplib.cookiejar for expiration year greater than 2038 on 32-bit systems.
commit	a119df91f33724f64e6bc1ecb484eeaa30ace014	[log] [tgz]
author	guido@google.com <guido@google.com>	Tue Mar 29 11:41:02 2011 -0700
committer	guido@google.com <guido@google.com>	Tue Mar 29 11:41:02 2011 -0700
tree	be27f880b0ed6fdf79367fddc1c58019f07ca4ac
parent	b938c8c25316b69f1d5df2c7880a9f6b87e7c2fa [diff] [blame]