Message 237164 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	PaulMcMillan
Recipients	PaulMcMillan, benjamin.peterson, martin.panter, orsenthil, pitrou, python-dev, soilandreyes, vstinner, yaaboukir
Date	2015-03-03.21:51:30
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1425419490.33.0.687499208034.issue23505@psf.upfronthosting.co.za>
In-reply-to

Content
While some websites may use urlunparse(urlparse(url)) to validate a url, this is far from standard practice. Django, for instance, does not use this method. While I agree we should clean this behavior up, this is not a vulnerability in core python, and we need to invalidate the assigned CVE.

While some websites may use urlunparse(urlparse(url)) to validate a url, this is far from standard practice. Django, for instance, does not use this method. While I agree we should clean this behavior up, this is not a vulnerability in core python, and we need to invalidate the assigned CVE.

History
Date	User	Action	Args
2015-03-03 21:51:30	PaulMcMillan	set	recipients: + PaulMcMillan, orsenthil, pitrou, vstinner, benjamin.peterson, python-dev, martin.panter, soilandreyes, yaaboukir
2015-03-03 21:51:30	PaulMcMillan	set	messageid: <1425419490.33.0.687499208034.issue23505@psf.upfronthosting.co.za>
2015-03-03 21:51:30	PaulMcMillan	link	issue23505 messages
2015-03-03 21:51:30	PaulMcMillan	create