[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-09-07 Thread Larry Hastings
Larry Hastings added the comment: New changeset 095373c32d16df575ba5fcb5f44bf44119b26193 by larryhastings (Victor Stinner) in branch '3.5': bpo-36742: Corrects fix to handle decomposition in usernames (GH-13812) (GH-13814) (#14772)

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-07-14 Thread STINNER Victor
Change by STINNER Victor : -- pull_requests: +14565 pull_request: https://github.com/python/cpython/pull/14772 ___ Python tracker ___

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-07-14 Thread Larry Hastings
Larry Hastings added the comment: New changeset 4655d576141ee56a69d2052431c636858fcb916a by larryhastings (Steve Dower) in branch '3.5': bpo-36742: Fixes handling of pre-normalization characters in urlsplit() (GH-13017) (#13042)

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-11 Thread STINNER Victor
STINNER Victor added the comment: New changeset 2b578479b96aa3deeeb8bac313a02b5cf3cb1aff by Victor Stinner in branch '2.7': [2.7] bpo-36742: Fix urlparse.urlsplit() error message for Unicode URL (GH-13937) https://github.com/python/cpython/commit/2b578479b96aa3deeeb8bac313a02b5cf3cb1aff

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-10 Thread Charalampos Stratakis
Change by Charalampos Stratakis : -- nosy: +cstratak ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-10 Thread Riccardo Schirone
Riccardo Schirone added the comment: > CVE-2019-10160 has been assigned by Red Hat to this flaw. For clarity, CVE-2019-10160 has been assigned to the bug introduced with the fix for the functional regression mentioned in this bug, and not to the bug itself explained in the first comment.

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-10 Thread STINNER Victor
Change by STINNER Victor : -- pull_requests: +13804 pull_request: https://github.com/python/cpython/pull/13937 ___ Python tracker ___

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-07 Thread Riccardo Schirone
Riccardo Schirone added the comment: The fix for python-2.7 (https://github.com/python/cpython/pull/13815/files#diff-b577545d73dd0cdb2c337a4c5f89e1d7R183) causes errors when netloc contains characters that can't be encoded by 'ascii' codec. You can see it by doing: >>> netloc =

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-07 Thread STINNER Victor
STINNER Victor added the comment: CVE-2019-10160 has been assigned by Red Hat to this flaw. -- ___ Python tracker ___ ___

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-07 Thread STINNER Victor
Change by STINNER Victor : -- title: urlsplit doesn't accept a NFKD hostname with a port number -> CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@ ___ Python tracker