This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author sanebow
Recipients jpic, martin.panter, matrixise, orsenthil, ronaldoussoren, sanebow, xtreak
Date 2019-08-07.07:47:54
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
Python2 urlparse.urlparse and urllib2.urlparse.urlparse have a similar IPv6 hostname parsing bug.

>>> urlparse.urlparse('[]').hostname
>>> '['

This is less practical to exploit since the parsed domain contains a '[' in the end.

Do I need to create a separate issue for this Python2 bug?

I think the way PR 14896 fix the python3 bug can also be applied to this.

Also, do we need a CVE ID for the python3 bug? As it may lead to some security issues in some Python apps, e.g., open-redirect. I have found such a case in a private bug bounty program.
Date User Action Args
2019-08-07 07:47:54sanebowsetrecipients: + sanebow, ronaldoussoren, orsenthil, martin.panter, matrixise, xtreak, jpic
2019-08-07 07:47:54sanebowsetmessageid: <>
2019-08-07 07:47:54sanebowlinkissue36338 messages
2019-08-07 07:47:54sanebowcreate