[Python-Dev] Need help to fix urllib(.parse) vulnerabilities (original) (raw)

Victor Stinner victor.stinner at gmail.com
Sat Jul 22 17:47:38 EDT 2017

• Previous message (by thread): [Python-Dev] Need help to fix urllib(.parse) vulnerabilities
• Next message (by thread): [Python-Dev] Appending a link back to bugs.python.org in GitHub PRs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I consider that it is a security vulneraibility and so should be fixed in all supported branches including 3.3 and 3.4.

If someone is blocked for a legit usecase, an old Python version can be used until we decide how to handle it.

I concur with you, I don't think that anyone uses filenames containing newlines on FTP. FTP protocol is text based and uses newlines as the command separator. I expect a lot of not fun issues if someone uses such filename on legit files.

Victor -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20170722/034d4c40/attachment.html>

• Previous message (by thread): [Python-Dev] Need help to fix urllib(.parse) vulnerabilities
• Next message (by thread): [Python-Dev] Appending a link back to bugs.python.org in GitHub PRs
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list