Riccardo Schirone <rschi...@redhat.com> added the comment:
> > A second problem comes into the game. Some C libraries like glibc strip the > > end of the hostname (strip at the first newline character) and so HTTP > > Header injection is still possible is this case: > > https://bugzilla.redhat.com/show_bug.cgi?id=1673465 > The bug link raises permission error. Does fixing the host part fix this > issue too since there won't be any socket connection made? Is it possible to > have a Python reproducer of this issue? I think this was supposed to refer to CVE-2016-10739 (https://bugzilla.redhat.com/show_bug.cgi?id=1347549) ---------- nosy: +rschiron _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue30458> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
