[issue38804] Regular Expression Denial of Service in http.cookiejar

2020-05-14 Thread STINNER Victor
STINNER Victor added the comment: The fix landed in all maintained versions, thanks. I close the issue. -- priority: release blocker -> resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue38804] Regular Expression Denial of Service in http.cookiejar

2020-04-02 Thread Larry Hastings
Larry Hastings added the comment: New changeset 55a6a16a46239a71b635584e532feb8b17ae7fdf by Victor Stinner in branch '3.5': bpo-38804: Fix REDoS in http.cookiejar (GH-17157) (#17344) https://github.com/python/cpython/commit/55a6a16a46239a71b635584e532feb8b17ae7fdf -- __

[issue38804] Regular Expression Denial of Service in http.cookiejar

2020-03-27 Thread Serhiy Storchaka
Change by Serhiy Storchaka : -- nosy: +larry priority: normal -> release blocker versions: -Python 2.7, Python 3.6, Python 3.7, Python 3.8, Python 3.9 ___ Python tracker ___ _

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-24 Thread STINNER Victor
STINNER Victor added the comment: New changeset e6499033032d5b647e43a3b49da0c1c64b151743 by Victor Stinner in branch '2.7': bpo-38804: Fix REDoS in http.cookiejar (GH-17157) (GH-17345) https://github.com/python/cpython/commit/e6499033032d5b647e43a3b49da0c1c64b151743 --

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-22 Thread Ned Deily
Ned Deily added the comment: New changeset 0716056c49e9505041e30386dad9b2e788f67aaf by Ned Deily (Miss Islington (bot)) in branch '3.6': bpo-38804: Fix REDoS in http.cookiejar (GH-17157) (#17343) https://github.com/python/cpython/commit/0716056c49e9505041e30386dad9b2e788f67aaf -- no

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-22 Thread STINNER Victor
STINNER Victor added the comment: I'm now tracking this vulnerability at: https://python-security.readthedocs.io/vuln/cookiejar-redos.html -- ___ Python tracker ___ __

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-22 Thread miss-islington
miss-islington added the comment: New changeset a1e1be4c4969c7c20c8c958e5ab5279ae6a66a16 by Miss Islington (bot) in branch '3.8': bpo-38804: Fix REDoS in http.cookiejar (GH-17157) https://github.com/python/cpython/commit/a1e1be4c4969c7c20c8c958e5ab5279ae6a66a16 -- nosy: +miss-isling

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-22 Thread miss-islington
miss-islington added the comment: New changeset cb6085138a845f8324adc011b65754acc2086cc0 by Miss Islington (bot) in branch '3.7': bpo-38804: Fix REDoS in http.cookiejar (GH-17157) https://github.com/python/cpython/commit/cb6085138a845f8324adc011b65754acc2086cc0 -- _

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-22 Thread STINNER Victor
Change by STINNER Victor : -- pull_requests: +16829 pull_request: https://github.com/python/cpython/pull/17345 ___ Python tracker ___ __

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-22 Thread STINNER Victor
Change by STINNER Victor : -- pull_requests: +16828 pull_request: https://github.com/python/cpython/pull/17344 ___ Python tracker ___ __

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-22 Thread miss-islington
Change by miss-islington : -- pull_requests: +16827 pull_request: https://github.com/python/cpython/pull/17343 ___ Python tracker ___ __

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-22 Thread miss-islington
Change by miss-islington : -- pull_requests: +16826 pull_request: https://github.com/python/cpython/pull/17342 ___ Python tracker ___ __

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-22 Thread miss-islington
Change by miss-islington : -- pull_requests: +16825 pull_request: https://github.com/python/cpython/pull/17341 ___ Python tracker ___ __

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-22 Thread STINNER Victor
STINNER Victor added the comment: New changeset 1b779bfb8593739b11cbb988ef82a883ec9d077e by Victor Stinner (bcaller) in branch 'master': bpo-38804: Fix REDoS in http.cookiejar (GH-17157) https://github.com/python/cpython/commit/1b779bfb8593739b11cbb988ef82a883ec9d077e -- __

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-14 Thread Karthikeyan Singaravelan
Change by Karthikeyan Singaravelan : -- nosy: +xtreak ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https:/

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-14 Thread Karthikeyan Singaravelan
Change by Karthikeyan Singaravelan : -- nosy: +serhiy.storchaka, vstinner ___ Python tracker ___ ___ Python-bugs-list mailing list U

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-14 Thread Ben Caller
Change by Ben Caller : -- keywords: +patch pull_requests: +1 stage: -> patch review pull_request: https://github.com/python/cpython/pull/17157 ___ Python tracker ___ _

[issue38804] Regular Expression Denial of Service in http.cookiejar

2019-11-14 Thread Ben Caller
New submission from Ben Caller : The regex http.cookiejar.LOOSE_HTTP_DATE_RE iss vulnerable to regular expression denial of service (REDoS). LOOSE_HTTP_DATE_RE.match is called when using http.cookiejar.CookieJar to parse Set-Cookie headers returned by a server. Processing a response from a mal