Message 347328 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	Dominik Czarnota, aldwinaldwin, christian.heimes, vstinner
Date	2019-07-05.10:18:59
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1562321940.13.0.817294041686.issue37495@roundup.psfhosted.org>
In-reply-to

Content
I take the freedom of assigning CVE-2016-10739 to this Python issue, even if CVE-2016-10739 was reported to the glibc (not to Python). "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings." https://access.redhat.com/security/cve/cve-2016-10739

I take the freedom of assigning CVE-2016-10739 to this Python issue, even if CVE-2016-10739 was reported to the glibc (not to Python).

"In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings."
https://access.redhat.com/security/cve/cve-2016-10739

History
Date	User	Action	Args
2019-07-05 10:19:00	vstinner	set	recipients: + vstinner, christian.heimes, aldwinaldwin, Dominik Czarnota
2019-07-05 10:19:00	vstinner	set	messageid: <1562321940.13.0.817294041686.issue37495@roundup.psfhosted.org>
2019-07-05 10:19:00	vstinner	link	issue37495 messages
2019-07-05 10:18:59	vstinner	create