httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with a long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing the header) of the httplib2 client accessing said server. This is fixed in version 0.19.0, which contains a new implementation of auth header parsing using the pyparsing library.
Released in 0.19.0, please bump.
Unable to check for sanity:
> no match for package: dev-python/httplib2-0.19.0
The bug has been referenced in the following commit(s):
Author: Michał Górny <email@example.com>
AuthorDate: 2021-02-09 09:13:19 +0000
Commit: Michał Górny <firstname.lastname@example.org>
CommitDate: 2021-02-09 09:20:15 +0000
dev-python/httplib2: Bump to 0.19.0
Signed-off-by: Michał Górny <email@example.com>
dev-python/httplib2/Manifest | 1 +
dev-python/httplib2/httplib2-0.19.0.ebuild | 56 ++++++++++++++++++++++++++++++
2 files changed, 57 insertions(+)
All sanity-check issues have been resolved
amd64 arm arm64 hppa ppc ppc64 sparc x86 (ALLARCHES) done
all arches done
Very limited impact so no GLSA, all done!