Message125929
I'm inclined not to support backporting to Python 2.6. It seems like a fairly rare and narrow hole for security problem, because it would require a program to add the bogus header explicitly, as opposed to getting it after parsing some data. To me, that smacks of SQL-injection or XSS type bug, where it's really the application that's the problem.
Or in other words, assuming you don't have a program that is deliberately adding such headers (and then it should be considered a feature, i.e. they know what they're doing), then you'd have to trick a header-adding program to add some unvalidated text.
I dunno, it doesn't seem like a serious enough threat to backport. |
|
Date |
User |
Action |
Args |
2011-01-10 21:01:36 | barry | set | recipients:
+ barry, loewis, terry.reedy, jwilk, pl, Arfrever, r.david.murray, ysj.ray, vvl |
2011-01-10 21:01:35 | barry | set | messageid: <1294693295.87.0.945714514547.issue5871@psf.upfronthosting.co.za> |
2011-01-10 21:01:23 | barry | link | issue5871 messages |
2011-01-10 21:01:23 | barry | create | |
|