bpo-35906: Fix CRLF injection in urllib by push0ebp · Pull Request #12524 · python/cpython

push0ebp · 2019-03-24T14:24:39Z

Disallowing line break in URL parser.
Although I reported security issue a few months ago, it has not been fixed.
Please patch this vulnerability.

https://bugs.python.org/issue35906

push0ebp · 2019-03-24T15:25:13Z

this is not maintenance. but maintenance-branch-pr bot detected this PR to maintenance

matrixise · 2019-03-24T21:45:56Z

Related to this PR #11768

push0ebp · 2019-03-25T06:44:32Z

Hi, I am waiting for patching. but they have not patched yet, So I sent a PR again.

tomashek · 2019-04-04T16:01:45Z

Is this the accepted resolution of CVE-2019-9947? If so, what is blocking the merging of this PR?

push0ebp · 2019-04-07T10:11:14Z

Is this the accepted resolution of CVE-2019-9947? If so, what is blocking the merging of this PR?

they have not accepted it yet. I guess that they seem to be interested in this vulnerability. Although I sent a report to Python security a few weeks ago. but they haven't replied.

csabella · 2019-05-29T12:14:45Z

Thank you for the patch. Based on the last message on this ticket, this is fixed in bpo-30458, so I'm closing this pull request. Please add a comment to bpo-30458 if you believe needs further discussion. Thanks!

bpo-35906: Fix CRLF injection in urllib

08a024b

the-knights-who-say-ni added the CLA signed label Mar 24, 2019

bedevere-bot added the awaiting review label Mar 24, 2019

blurb-it bot and others added 2 commits March 24, 2019 14:36

📜🤖 Added by blurb_it.

fc915b3

Fix white space issue

4c6887b

This was referenced Mar 24, 2019

Deleted #12523

Closed

Deleted #12521

Closed

push0ebp changed the title ~~bpo-35906: Fix CRLF injection in urllib~~ [3.7] bpo-35906: Fix CRLF injection in urllib (GH-12524) Mar 24, 2019

push0ebp changed the title ~~[3.7] bpo-35906: Fix CRLF injection in urllib (GH-12524)~~ bpo-35906: Fix CRLF injection in urllib Mar 24, 2019

csabella closed this May 29, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

bpo-35906: Fix CRLF injection in urllib#12524

bpo-35906: Fix CRLF injection in urllib#12524
push0ebp wants to merge 3 commits intopython:masterfrom
push0ebp:bpo-35906

push0ebp commented Mar 24, 2019 •

edited by bedevere-bot

Loading

Uh oh!

push0ebp commented Mar 24, 2019

Uh oh!

matrixise commented Mar 24, 2019

Uh oh!

push0ebp commented Mar 25, 2019

Uh oh!

tomashek commented Apr 4, 2019

Uh oh!

push0ebp commented Apr 7, 2019 •

edited

Loading

Uh oh!

csabella commented May 29, 2019 •

edited by bedevere-bot

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Uh oh!

Conversation

push0ebp commented Mar 24, 2019 • edited by bedevere-bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

push0ebp commented Mar 24, 2019

Uh oh!

matrixise commented Mar 24, 2019

Uh oh!

push0ebp commented Mar 25, 2019

Uh oh!

tomashek commented Apr 4, 2019

Uh oh!

push0ebp commented Apr 7, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

csabella commented May 29, 2019 • edited by bedevere-bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

push0ebp commented Mar 24, 2019 •

edited by bedevere-bot

Loading

push0ebp commented Apr 7, 2019 •

edited

Loading

csabella commented May 29, 2019 •

edited by bedevere-bot

Loading