[issue41940] AMD64 Debian root 3.x: tests fail because downloaded files start with: <!DOCTYPE
Florian Bruhin
report at bugs.python.org
Mon Oct 5 06:51:01 EDT 2020
Florian Bruhin <python.org at the-compiler.org> added the comment:
> It is also not safe to pass data downloaded from untrusted source to eval().
To make matters worse, it's downloaded via HTTP (rather than HTTPS) - so anyone who can mess with the network of a machine running the Python testsuite can run arbitrary code on that machine.
(I contacted security at python.org about this a couple of hours ago, but I guess this is effectively public now anyways :D)
----------
nosy: +The Compiler
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue41940>
_______________________________________
More information about the Python-bugs-list
mailing list