STINNER Victor <vstin...@redhat.com> added the comment:

I take the freedom of assigning CVE-2016-10739 to this Python issue, even if
CVE-2016-10739 was reported to glibc (not to Python).

"In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo 
function would successfully parse a string that contained an IPv4 address 
followed by whitespace and arbitrary characters, which could lead applications 
to incorrectly assume that it had parsed a valid string, without the 
possibility of embedded HTTP headers or other potentially dangerous substrings."
https://access.redhat.com/security/cve/cve-2016-10739

----------
title: socket.inet_aton parsing issue on some libc versions -> [CVE-2016-10739] socket.inet_aton parsing issue on some libc versions

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue37495>
_______________________________________
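
An added example, not part of the original message and not code from CPython or glibc: a strict dotted-quad parser that does not depend on how the local libc treats trailing characters, plus a probe that reports whether socket.inet_aton on the running system accepts them. The function names and all sample strings are constructed for illustration.

```python
import socket


def strict_inet_aton(text):
    """Pack a dotted-quad IPv4 string into 4 bytes without relying on libc.

    Rejects trailing whitespace, embedded CR/LF, shorthand forms ("127.1"),
    leading zeros (octal in libc) and non-ASCII digits.
    """
    if not isinstance(text, str):
        raise TypeError("expected str")
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("expected exactly four octets: %r" % text)
    octets = []
    for part in parts:
        # ASCII digits only, so no whitespace, sign or header text slips in.
        if not (1 <= len(part) <= 3 and part.isascii() and part.isdigit()):
            raise ValueError("invalid octet %r in %r" % (part, text))
        if len(part) > 1 and part[0] == "0":
            raise ValueError("leading zero in octet %r" % part)
        value = int(part)
        if value > 255:
            raise ValueError("octet out of range: %r" % part)
        octets.append(value)
    return bytes(octets)


def libc_inet_aton_is_lenient(probe="192.0.2.1 trailing"):
    """Return True if socket.inet_aton accepts an address followed by
    whitespace and extra characters on this system (constructed probe)."""
    try:
        socket.inet_aton(probe)
    except OSError:
        return False
    return True


def rejected(samples):
    """Return the samples that the strict parser refuses."""
    refused = []
    for sample in samples:
        try:
            strict_inet_aton(sample)
        except ValueError:
            refused.append(sample)
    return refused


# Constructed inputs: one valid address, then strings that must be refused.
CONSTRUCTED_SAMPLES = ["192.0.2.1", "192.0.2.1 trailing",
                       "192.0.2.1\r\nX-Injected: 1", "192.0.2.1\n",
                       "192.0.02.1", "192.0.2", "192.0.2.256"]
```

The probe result depends on the libc the interpreter is linked against, so it is useful as a startup or CI check rather than as a fixed expectation.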