gh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format #103849
ghost commented Apr 25, 2023 • edited by ghost
f840480 to df34308

bedevere-bot commented Apr 26, 2023
Most changes to Python require a NEWS entry. Please add it using the blurb_it web app or the blurb command-line tool.
…Pv6 or IPvFuture format
f33126b to 37bc08c
bedevere-bot commented May 9, 2023
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase
…kets, adds comments, and a new test
I have made the requested changes; please review again You're correct that
bedevere-bot commented May 9, 2023
Thanks for making the requested changes! @gpshead: please review the changes made to this pull request.
Thanks @JohnJamesUtley for the PR, and @gpshead for merging it 🌮🎉.. I'm working now to backport this PR to: 3.11.
… urlsplit are of IPv6 or IPvFuture format (GH-103849) (#104349)

gh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (GH-103849)

* Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format

---------

(cherry picked from commit 29f348e)

Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
* main:
pythonGH-102181: Improve specialization stats for SEND (pythonGH-102182)
pythongh-103000: Optimise `dataclasses.asdict` for the common case (python#104364)
pythongh-103538: Remove unused TK_AQUA code (pythonGH-103539)
pythonGH-87695: Fix OSError from `pathlib.Path.glob()` (pythonGH-104292)
pythongh-104263: Rely on Py_NAN and introduce Py_INFINITY (pythonGH-104202)
pythongh-104010: Separate and improve docs for `typing.get_origin` and `typing.get_args` (python#104013)
pythongh-101819: Adapt _io._BufferedIOBase_Type methods to Argument Clinic (python#104355)
pythongh-103960: Dark mode: invert image brightness (python#103983)
pythongh-104252: Immortalize Py_EMPTY_KEYS (pythongh-104253)
pythongh-101819: Clean up _io windows console io after pythongh-104197 (python#104354)
pythongh-101819: Harden _io init (python#104352)
pythongh-103247: clear the module cache in a test in test_importlib/extensions/test_loader.py (pythonGH-104226)
pythongh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (python#103849)
pythongh-74895: adjust tests to work on Solaris (python#104326)
pythongh-101819: Refactor _io in preparation for module isolation (python#104334)
pythongh-90953: Don't use deprecated AST nodes in clinic.py (python#104322)
pythongh-102327: Extend docs for "url" and "headers" parameters to HTTPConnection.request()
pythongh-104328: Fix typo in ``typing.Generic`` multiple inheritance error message (python#104335)
…und by urlsplit are of IPv6 or IPvFuture format (pythonGH-103849) (python#104349)

pythongh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (pythonGH-103849)

* Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format

---------

(cherry picked from commit 29f348e)

Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
…und by urlsplit are of IPv6 or IPvFuture format (pythonGH-103849) (python#104349)

pythongh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (pythonGH-103849)

* Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format

Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses.

(cherry picked from commit 29f348e)

Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Lumír Balhar <lbalhar@redhat.com>
pythongh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (pythonGH-103849)

Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses.

(cherry picked from commit 29f348e)

Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Lumír Balhar <lbalhar@redhat.com>
…urlsplit are of IPv6 or IPvFuture format (python#103849)

* Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format

---------

Co-authored-by: Gregory P. Smith <greg@krypto.org>
(cherry picked from commit 29f348e)

GH-126975 is a backport of this pull request to the 3.10 branch.

…urlsplit are of IPv6 or IPvFuture format (python#103849)

* Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format

---------

Co-authored-by: Gregory P. Smith <greg@krypto.org>
(cherry picked from commit 29f348e)

GH-126976 is a backport of this pull request to the 3.9 branch.
BitterDone commented Nov 20, 2024
Hi @miss-islington and @gpshead - how do I ensure I'm using a version of Python with this vulnerability fixed? I'm supporting a team that uses hardened containers from Iron Bank and I don't believe the approved containers will get the back port updates. Since 3.11 is the newest version mentioned here for a back port, does the initial release of 3.12 include this fix?

The release date of Python 3.12 is 2023-10, so of course, 3.12 contains this patch. BTW miss-islington is a bot for PR. 😉
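One way to answer the version question above by behaviour rather than by release number, as an added example that is not part of this thread or of the PR's code: probe the running interpreter's `urlsplit()` with a bracketed host that is neither IPv6 nor IPvFuture, and wrap it with an explicit check for runtimes that accept it. The names `PROBE_URL`, `runtime_rejects_bad_brackets`, `bracketed_host_ok` and `safe_urlsplit` are hypothetical, the probe URL is constructed, and the IPvFuture pattern follows the RFC 3986 grammar.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Helper names in this block are illustrative, not CPython's.
# Constructed probe: the bracketed host is neither IPv6 nor IPvFuture.
PROBE_URL = "https://[not-an-ip.example]/path"

# RFC 3986: IPvFuture = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"[vV][0-9A-Fa-f]+\.[A-Za-z0-9\-._~!$&'()*+,;=:]+")


def runtime_rejects_bad_brackets():
    """True if this interpreter's urlsplit() raises ValueError for PROBE_URL."""
    try:
        urlsplit(PROBE_URL)
    except ValueError:
        return True
    return False


def bracketed_host_ok(host):
    """host is the text between '[' and ']' in a URL authority."""
    if host[:1] in ("v", "V"):
        return _IPVFUTURE.fullmatch(host) is not None
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    # A bracketed IPv4 literal parses as an address but is not allowed here.
    return isinstance(addr, ipaddress.IPv6Address)


def safe_urlsplit(url):
    """urlsplit() plus an explicit bracket check for runtimes that lack one."""
    parts = urlsplit(url)  # raises on its own where the runtime already checks
    hostport = parts.netloc.rpartition("@")[2]  # drop any userinfo
    if "[" in hostport or "]" in hostport:
        end = hostport.find("]")
        if not hostport.startswith("[") or end == -1:
            raise ValueError("misplaced bracket in host")
        if not bracketed_host_ok(hostport[1:end]):
            raise ValueError("bracketed host is not IPv6 or IPvFuture")
    return parts


if __name__ == "__main__":
    print("urlsplit rejects non-IP bracketed hosts:", runtime_rejects_bad_brackets())
```

Running the probe inside the container image in question reports what that interpreter actually does, whichever release or backport it was built from.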
…ly validate IPv6 and IPvFuture addresses.

Refs Python CVE-2024-11168. Django should not be affected, but others who incorrectly use internal function _urlsplit() with unsanitized input could be at risk.

python/cpython#103849
Addresses #103848