Message 388358 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	orsenthil, serhiy.storchaka, vstinner, yetingli
Date	2021-03-09.11:51:39
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1615290700.0.0.917436810357.issue43075@roundup.psfhosted.org>
In-reply-to

Content
I see that you attached a redos_python.py benchmark (which looks like a benchmark that I wrote recently ;-)) but you didn't give results. Can you please show that your fix is effective to avoid catastrophic performances? Is this issue related to the CVE-2020-8492? Is it the same issue or is it different? https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html

I see that you attached a redos_python.py benchmark (which looks like a benchmark that I wrote recently ;-)) but you didn't give results. Can you please show that your fix is effective to avoid catastrophic performances?

Is this issue related to the CVE-2020-8492? Is it the same issue or is it different?
https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html

History
Date	User	Action	Args
2021-03-09 11:51:40	vstinner	set	recipients: + vstinner, orsenthil, serhiy.storchaka, yetingli
2021-03-09 11:51:39	vstinner	set	messageid: <1615290700.0.0.917436810357.issue43075@roundup.psfhosted.org>
2021-03-09 11:51:39	vstinner	link	issue43075 messages
2021-03-09 11:51:39	vstinner	create