Message347290
| Author |
rschiron |
| Recipients |
cstratak, gregory.p.smith, larry, martin.panter, miss-islington, orange, rschiron, serhiy.storchaka, vstinner, ware, xiang.zhang, xtreak |
| Date |
2019年07月04日.17:04:56 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1562259896.27.0.629703469692.issue30458@roundup.psfhosted.org> |
| In-reply-to |
| Content |
> > A second problem comes into the game. Some C libraries like glibc strip the end of the hostname (strip at the first newline character) and so HTTP Header injection is still possible is this case: https://bugzilla.redhat.com/show_bug.cgi?id=1673465
> The bug link raises permission error. Does fixing the host part fix this issue too since there won't be any socket connection made? Is it possible to have a Python reproducer of this issue?
I think this was supposed to refer to CVE-2016-10739 (https://bugzilla.redhat.com/show_bug.cgi?id=1347549) |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2019年07月04日 17:04:56 | rschiron | set | recipients:
+ rschiron, gregory.p.smith, vstinner, larry, martin.panter, serhiy.storchaka, xiang.zhang, cstratak, orange, miss-islington, xtreak, ware |
| 2019年07月04日 17:04:56 | rschiron | set | messageid: <1562259896.27.0.629703469692.issue30458@roundup.psfhosted.org> |
| 2019年07月04日 17:04:56 | rschiron | link | issue30458 messages |
| 2019年07月04日 17:04:56 | rschiron | create |
|