Author xtreak
Recipients Windson Yang, benjamin.peterson, martin.panter, ned.deily, orsenthil, serhiy.storchaka, xtreak, 西田雄治
Date 2019-02-13.06:30:08
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1550039408.29.0.455626009702.issue35121@roundup.psfhosted.org>
In-reply-to
Content
This issue affects 2.7 as well along with 3.4 and 3.5. The initial report was notified to security@python.org . 2.7.16 release candidate dates were announced at https://mail.python.org/pipermail/python-dev/2019-February/156266.html. I have prepared an initial backport of this with tests for 2.7 at https://github.com/python/cpython/compare/2.7...tirkarthi:bpo35121-27 . Serhiy has approved the PR for master. I have added notes here and on the PR about the issue and implementation in other languages. It would be helpful if someone can double check my analysis since cookiejar has not received much change over the years.

If this is a potential candidate for 2.7 release I can help with that once the changes are merged to master. Adding Benjamin Peterson to this issue to take a call on if it needs to be backported to 2.7. If it's planned for a backport then also to decide on priority if this needs to be part of 2.7.16 or later release.
History
Date User Action Args
2019-02-13 06:30:08xtreaksetrecipients: + xtreak, orsenthil, benjamin.peterson, ned.deily, martin.panter, serhiy.storchaka, Windson Yang, 西田雄治
2019-02-13 06:30:08xtreaksetmessageid: <1550039408.29.0.455626009702.issue35121@roundup.psfhosted.org>
2019-02-13 06:30:08xtreaklinkissue35121 messages
2019-02-13 06:30:08xtreakcreate