Message 340407 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	gregory.p.smith, martin.panter, orange, serhiy.storchaka, vstinner, ware, xiang.zhang, xtreak
Date	2019-04-17.15:35:49
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1555515349.93.0.562842481869.issue30458@roundup.psfhosted.org>
In-reply-to

Content
"wave Hi! I've noticed that CVE-2019-11236 has been assigned to the CRLF injection issue described here. It seems that the library has been patched in GitHub, but no new release has been made to pypi. (...)" This urllib3 change: https://github.com/urllib3/urllib3/commit/0aa3e24fcd75f1bb59ab159e9f8adb44055b2271 urllib3 now vendors a copy of the rfc3986 library: https://pypi.org/project/rfc3986/

"wave Hi! I've noticed that CVE-2019-11236 has been assigned to the CRLF injection issue described here. It seems that the library has been patched in GitHub, but no new release has been made to pypi. (...)"

This urllib3 change:
https://github.com/urllib3/urllib3/commit/0aa3e24fcd75f1bb59ab159e9f8adb44055b2271

urllib3 now vendors a copy of the rfc3986 library:

https://pypi.org/project/rfc3986/

History
Date	User	Action	Args
2019-04-17 15:35:49	vstinner	set	recipients: + vstinner, gregory.p.smith, martin.panter, serhiy.storchaka, xiang.zhang, orange, xtreak, ware
2019-04-17 15:35:49	vstinner	set	messageid: <1555515349.93.0.562842481869.issue30458@roundup.psfhosted.org>
2019-04-17 15:35:49	vstinner	link	issue30458 messages
2019-04-17 15:35:49	vstinner	create