gh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format #103849
f840480 to df34308, April 25, 2023 20:02
Most changes to Python require a NEWS entry. Please add it using the blurb_it web app or the blurb command-line tool.
…Pv6 or IPvFuture format
f33126b to 37bc08c, April 26, 2023 13:59
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase
…kets, adds comments, and a new test
I have made the requested changes; please review again. You're correct that
Thanks for making the requested changes! @gpshead: please review the changes made to this pull request.
Thanks @JohnJamesUtley for the PR, and @gpshead for merging it 🌮🎉.. I'm working now to backport this PR to: 3.11.
…und by urlsplit are of IPv6 or IPvFuture format (pythonGH-103849) (python#104349) pythongh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (pythonGH-103849) * Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses. (cherry picked from commit 29f348e) Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Lumír Balhar <lbalhar@redhat.com>
pythongh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (pythonGH-103849) Tests are adjusted because Python <3.9 don't support scoped IPv6 addresses. (cherry picked from commit 29f348e) Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Lumír Balhar <lbalhar@redhat.com>
…urlsplit are of IPv6 or IPvFuture format (python#103849) * Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format --------- Co-authored-by: Gregory P. Smith <greg@krypto.org> (cherry picked from commit 29f348e)
Hi @miss-islington and @gpshead - how do I ensure I'm using a version of Python with this vulnerability fixed? I'm supporting a team that uses hardened containers from Iron Bank and I don't believe the approved containers will get the back port updates. Since 3.11 is the newest version mentioned here for a back port, does the initial release of 3.12 include this fix?
The release date of Python 3.12 is 2023-10, so of course, 3.12 contains this patch. BTW miss-islington is a bot for PR. 😉
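A behavioural check for the question above, as an added example that is not part of this PR or of CPython's own code: it probes whether the running interpreter's `urlsplit` rejects bracketed hosts that are neither IPv6 nor IPvFuture, and provides an application-level guard for interpreters that lack the check. The function names, the probe URLs and the RFC 3986 IPvFuture pattern are choices made for this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 3986: IPvFuture = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
_IPVFUTURE = re.compile(r"\Av[0-9A-Fa-f]+\.[A-Za-z0-9._~!$&'()*+,;=:-]+\Z")

# Constructed probes: brackets around text that is neither IPv6 nor IPvFuture.
PROBES = ("http://[not-an-ip]/", "http://[127.0.0.1]/", "http://[v1]/")


def interpreter_has_check():
    """True if this interpreter's urlsplit raises ValueError for every probe."""
    for url in PROBES:
        try:
            urlsplit(url)
        except ValueError:
            continue
        return False
    return True


def bracketed_host_is_valid(host):
    """host is the text between '[' and ']' in a URL authority."""
    if host[:1] == "v":
        return _IPVFUTURE.match(host) is not None
    try:
        return isinstance(ipaddress.ip_address(host), ipaddress.IPv6Address)
    except ValueError:
        return False


def url_brackets_ok(url):
    """Application-level guard usable on interpreters that lack the check."""
    try:
        netloc = urlsplit(url).netloc
    except ValueError:
        return False  # urlsplit itself refused the URL
    if "[" not in netloc and "]" not in netloc:
        return True
    return bracketed_host_is_valid(netloc.partition("[")[2].partition("]")[0])


if __name__ == "__main__":
    print("urlsplit validates bracketed hosts:", interpreter_has_check())
    for sample in ("http://[::1]:8080/", "http://[v1.fe80]/", *PROBES):
        print(sample, url_brackets_ok(sample))
```

Running `interpreter_has_check()` inside the container image under review answers the question by behaviour rather than by version string, which also covers distribution builds that carry the backport under an older version number.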
…ly validate IPv6 and IPvFuture addresses. Refs Python CVE-2024-11168. Django should not be affected, but others who incorrectly use internal function _urlsplit() with unsanitized input could be at risk. python/cpython#103849
…und by urlsplit are of IPv6 or IPvFuture format (pythonGH-103849) (python#104349) pythongh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format (pythonGH-103849) * Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format --------- (cherry picked from commit 29f348e) Co-authored-by: JohnJamesUtley <81572567+JohnJamesUtley@users.noreply.github.com> Co-authored-by: Gregory P. Smith <greg@krypto.org>
Addresses #103848