Message11111

Author jduffy3
Recipients jduffy3
Date 2017-02-22.12:14:57
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1487765698.36.0.929862724781.issue2555@psf.upfronthosting.co.za>
In-reply-to
Content
The following vulnerability was identified in Python 2.7

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

I see the latest jar of Jython doesn't include the fix for this. Is this going to be patched any time?

Thanks!
History
Date User Action Args
2017-02-22 12:14:58jduffy3setrecipients: + jduffy3
2017-02-22 12:14:58jduffy3setmessageid: <1487765698.36.0.929862724781.issue2555@psf.upfronthosting.co.za>
2017-02-22 12:14:58jduffy3linkissue2555 messages
2017-02-22 12:14:57jduffy3create