◐ Shell
clean mode source ↗

[3.7] gh-99889: Fix directory traversal security flaw in uu.decode() (GH-104096) by miss-islington · Pull Request #104333 · python/cpython

bedevere-bot

Skip to content

Navigation Menu

Sign in

Appearance settings

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up

Appearance settings

Conversation

@miss-islington

@miss-islington miss-islington commented

May 9, 2023

edited by bedevere-bot

Loading

Copy link Copy Markdown

Contributor

  • Fix directory traversal security flaw in uu.decode()
  • also check absolute paths and os.altsep
  • Add a regression test.

(cherry picked from commit 0aeda29)

Co-authored-by: Sam Carroll 70000253+samcarroll42@users.noreply.github.com
Co-authored-by: Gregory P. Smith greg@krypto.org [Google]

 
…ythonGH-104096)

* Fix directory traversal security flaw in uu.decode()
* also check absolute paths and os.altsep
* Add a regression test.

---------

(cherry picked from commit 0aeda29)

Co-authored-by: Sam Carroll <70000253+samcarroll42@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google]

@ned-deily ned-deily merged commit 1ce801b into python:3.7

May 27, 2023

@miss-islington miss-islington deleted the backport-0aeda29-3.7 branch

May 27, 2023 07:04

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@ned-deily ned-deily

Labels

type-security

A security issue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@miss-islington @ned-deily @bedevere-bot @samcarroll42