LE-901: fix CVE-2021-3733

ucodery · ucodery · commit eeb7fe50450f · 2022-11-16T16:04:31.000-08:00
diff --git a/Lib/urllib2.py b/Lib/urllib2.py
@@ -859,7 +859,7 @@ class AbstractBasicAuthHandler:
 
     rx = re.compile('(?:^|,)'    # start of the string or ','
                     '[ \t]*'     # optional whitespaces
-                    '([^ \t]+)'  # scheme like "Basic"
+                    '([^ \t,]+)'  # scheme like "Basic"
                     '[ \t]+'     # mandatory whitespaces
                     # realm=xxx
                     # realm='xxx'
diff --git a/Misc/NEWS.d/2.7.18.5.rst b/Misc/NEWS.d/2.7.18.5.rst
@@ -1,6 +1,6 @@
 .. bpo: 0
 .. date: 2022-06-27
-.. nonce: caft@D
+.. nonce: LEB-0iW
 .. release date: 2022-06-27
 .. section: Library
 
diff --git a/Misc/NEWS.d/2.7.18.6.rst b/Misc/NEWS.d/2.7.18.6.rst
@@ -0,0 +1,7 @@
+.. bpo: 0
+.. date: 2022-11-16
+.. nonce: as$i9+
+.. release date: 2022-11-16
+.. section: Library
+
+Address CVE-2021-3733 in urllib2
