Huzaifa Sidhpurwala added the comment:
I have not tried the patch yet, but modifying the reproducer yields a different
crash. This one seems to be a heap-based buffer overflow which is slightly more
serious.
In the reproducer, you just need to replace ascii() with str().
Again works on
Huzaifa Sidhpurwala added the comment:
I am wondering if a CVE id has been assigned to this security issue yet?
--
nosy: +Huzaifa.Sidhpurwala
___
Python tracker
<http://bugs.python.org/issue13
Huzaifa Sidhpurwala added the comment:
This should have been
lynx localhost:8000/../../../../../../../../etc/passwd
vs.
lynx http://localhost:8000/../../../../../../../../etc/passwd
--
___
Python tracker
<http://bugs.python.org/issue11
Huzaifa Sidhpurwala added the comment:
It seems python was being blamed for what is essentially the fault of lynx.
The following would translate into browsing files locally from the system and
not from the web:
lynx http://localhost:8000/../../../../../../../../etc/passwd
The correct syntax