[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-09-06 Thread Larry Hastings
Larry Hastings added the comment: New changeset 095373c32d16df575ba5fcb5f44bf44119b26193 by larryhastings (Victor Stinner) in branch '3.5': bpo-36742: Corrects fix to handle decomposition in usernames (GH-13812) (GH-13814) (#14772) https://github.com/python/cpython/commit/095373c32d16df575ba

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-07-14 Thread STINNER Victor
Change by STINNER Victor: pull_requests: +14565 pull_request: https://github.com/python/cpython/pull/14772

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-07-14 Thread Larry Hastings
Larry Hastings added the comment: New changeset 4655d576141ee56a69d2052431c636858fcb916a by larryhastings (Steve Dower) in branch '3.5': bpo-36742: Fixes handling of pre-normalization characters in urlsplit() (GH-13017) (#13042) https://github.com/python/cpython/commit/4655d576141ee56a69d205

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-11 Thread STINNER Victor
STINNER Victor added the comment: New changeset 2b578479b96aa3deeeb8bac313a02b5cf3cb1aff by Victor Stinner in branch '2.7': [2.7] bpo-36742: Fix urlparse.urlsplit() error message for Unicode URL (GH-13937) https://github.com/python/cpython/commit/2b578479b96aa3deeeb8bac313a02b5cf3cb1aff

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-10 Thread Charalampos Stratakis
Change by Charalampos Stratakis: nosy: +cstratak

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-10 Thread Riccardo Schirone
Riccardo Schirone added the comment: > CVE-2019-10160 has been assigned by Red Hat to this flaw. For clarity, CVE-2019-10160 has been assigned to the bug introduced with the fix for the functional regression mentioned in this bug, and not to the bug itself explained in the first comment. See

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-10 Thread STINNER Victor
Change by STINNER Victor: pull_requests: +13804 pull_request: https://github.com/python/cpython/pull/13937

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-07 Thread Riccardo Schirone
Riccardo Schirone added the comment: The fix for python-2.7 (https://github.com/python/cpython/pull/13815/files#diff-b577545d73dd0cdb2c337a4c5f89e1d7R183) causes errors when netloc contains characters that can't be encoded by 'ascii' codec. You can see it by doing: >>> netloc = u'example.co

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-07 Thread STINNER Victor
STINNER Victor added the comment: CVE-2019-10160 has been assigned by Red Hat to this flaw.

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-06-07 Thread STINNER Victor
Change by STINNER Victor: title: urlsplit doesn't accept a NFKD hostname with a port number -> CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@