Message347328
I take the freedom of assigning CVE-2016-10739 to this Python issue, even if CVE-2016-10739 was reported to the glibc (not to Python).
"In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings."
https://access.redhat.com/security/cve/cve-2016-10739 |
|
Date |
User |
Action |
Args |
2019-07-05 10:19:00 | vstinner | set | recipients:
+ vstinner, christian.heimes, aldwinaldwin, Dominik Czarnota |
2019-07-05 10:19:00 | vstinner | set | messageid: <1562321940.13.0.817294041686.issue37495@roundup.psfhosted.org> |
2019-07-05 10:19:00 | vstinner | link | issue37495 messages |
2019-07-05 10:18:59 | vstinner | create | |
|