Message11111

Author	jduffy3
Recipients	jduffy3
Date	2017-02-22.12:14:57
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1487765698.36.0.929862724781.issue2555@psf.upfronthosting.co.za>
In-reply-to

Content
The following vulnerability was identified in Python 2.7 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699 CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. I see the latest jar of Jython doesn't include the fix for this. Is this going to be patched any time? Thanks!

The following vulnerability was identified in Python 2.7

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

I see the latest jar of Jython doesn't include the fix for this. Is this going to be patched any time?

Thanks!

History
Date	User	Action	Args
2017-02-22 12:14:58	jduffy3	set	recipients: + jduffy3
2017-02-22 12:14:58	jduffy3	set	messageid: <1487765698.36.0.929862724781.issue2555@psf.upfronthosting.co.za>
2017-02-22 12:14:58	jduffy3	link	issue2555 messages
2017-02-22 12:14:57	jduffy3	create