Your submission was sent successfully! Close

CVE-2011-1521

Published: 24 May 2011

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

Priority

Medium

Status

Package Release Status
python2.4
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy
Released (2.4.5-1ubuntu4.4)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream Needs triage

python2.5
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (2.5.2-2ubuntu6.2)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

upstream Needs triage

python2.6
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

lucid
Released (2.6.5-1ubuntu6.1)
maverick Ignored
(reached end-of-life)
natty
Released (2.6.6-6ubuntu7.1)
oneiric Not vulnerable
(2.6.7-4ubuntu1)
precise Does not exist

upstream
Released (2.6.7)
python2.7
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

lucid Does not exist

maverick Ignored
(reached end-of-life)
natty
Released (2.7.1-5ubuntu2.2)
oneiric Not vulnerable
(2.7.2~rc1-2)
precise Not vulnerable
(2.7.2~rc1-2)
upstream
Released (2.7.2)
python3.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

lucid
Released (3.1.2-0ubuntu3.1)
maverick
Released (3.1.2+20100915-0ubuntu4.1)
natty
Released (3.1.3-1ubuntu1.1)
oneiric Does not exist

precise Does not exist

upstream
Released (3.1.4 rc1)
python3.2
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

lucid Does not exist

maverick Does not exist

natty
Released (3.2-1ubuntu1.1)
oneiric Not vulnerable
(3.2.1~rc1-1)
precise Not vulnerable
(3.2.1~rc1-1)
upstream
Released (3.2.1)