diff options
author | Ben Copeland <ben.copeland@linaro.org> | 2017-04-10 17:09:48 +0100 |
---|---|---|
committer | Ben Copeland <ben.copeland@linaro.org> | 2017-04-10 16:14:23 +0000 |
commit | 5736fb00d529ecd120fc059af20dd67b1884beec (patch) | |
tree | 18353a9a1f82d92272bdbbd978b8d9a1a695aa40 | |
parent | d8adcd58301f49d9251702c09938bb050f2aff5a (diff) |
gitolite: Fix for CVE-2016-599
We shouldn't use encodestring, due to it adding a \n to the string. A
CVE fix was released to fix this issue (https://bugs.python.org/issue22928).
Change-Id: I2c2ab1b9337f1b8412bd429304b891a8bc43f2da
-rwxr-xr-x | gitolite-tools/gitolite-groups | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/gitolite-tools/gitolite-groups b/gitolite-tools/gitolite-groups index a6c8008..c50f86a 100755 --- a/gitolite-tools/gitolite-groups +++ b/gitolite-tools/gitolite-groups @@ -59,7 +59,7 @@ def get_groups(user): crowd_error = False if user: params = {"username": user} - auth = base64.encodestring('{0}:{1}'.format(crowd_usr, crowd_pwd)) + auth = base64.b64encode('{0}:{1}'.format(crowd_usr, crowd_pwd)) headers = { "Authorization": "Basic {0}".format(auth), "Accept": "application/json" |