This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients Dominik Czarnota, aldwinaldwin, christian.heimes, vstinner
Date 2019-07-05.10:18:59
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1562321940.13.0.817294041686.issue37495@roundup.psfhosted.org>
In-reply-to
Content
I take the freedom of assigning CVE-2016-10739 to this Python issue, even if CVE-2016-10739 was reported to the glibc (not to Python).

"In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings."
https://access.redhat.com/security/cve/cve-2016-10739
History
Date User Action Args
2019-07-05 10:19:00vstinnersetrecipients: + vstinner, christian.heimes, aldwinaldwin, Dominik Czarnota
2019-07-05 10:19:00vstinnersetmessageid: <1562321940.13.0.817294041686.issue37495@roundup.psfhosted.org>
2019-07-05 10:19:00vstinnerlinkissue37495 messages
2019-07-05 10:18:59vstinnercreate