Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

HTTP header injection in urrlib2/urllib/httplib/http.client (CVE-2016-5699) #67117

Copy link
Copy link
Closed
Closed
HTTP header injection in urrlib2/urllib/httplib/http.client (CVE-2016-5699)#67117
Copy link
Labels
stdlibStandard Library Python modules in the Lib/ directoryStandard Library Python modules in the Lib/ directorytype-securityA security issueA security issue
@Guido

Description

@Guido
Guido
mannequin
opened on Nov 24, 2014
Issue body actions
BPO 22928
Nosy @birkenfeld, @orsenthil, @vstinner, @larryhastings, @benjaminp, @ned-deily, @bitdancer, @berkerpeksag, @vadmium, @serhiy-storchaka, @koobs, @demianbrecht
PRs
  • [3.3] bpo-22928: Disabled HTTP header injections in http.client. #2817
  • [3.3][security] bpo-22928: Disabled HTTP header injections in http.client #2861
  • bpo-11671: add header validation from http.client to wsgiref.headers.Headers #15299
    		•
    Files
  • disable_http_header_injection.patch: Patch that disables HTTP header injections in Lib/http/client.py
  • issue22928.patch
  • issue22928_1.patch
  • issue22928_2.patch
  • issue22928_3.patch
  • issue22928_4.patch
  • issue22928_5.patch
  • issue22928_6.patch
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2017-07-26.03:58:32.449>
created_at = <Date 2014-11-24.02:50:25.230>
labels = ['type-security', 'library']
title = 'HTTP header injection in urrlib2/urllib/httplib/http.client (CVE-2016-5699)'
updated_at = <Date 2019-08-15.04:09:21.328>
user = 'https://bugs.python.org/Guido'

    bugs.python.org fields:

    activity = <Date 2019-08-15.04:09:21.328>
actor = 'epicfaace'
assignee = 'none'
closed = True
closed_date = <Date 2017-07-26.03:58:32.449>
closer = 'ned.deily'
components = ['Library (Lib)']
creation = <Date 2014-11-24.02:50:25.230>
creator = 'Guido'
dependencies = []
files = ['37264', '38133', '38154', '38158', '38190', '38399', '38433', '38449']
hgrepos = []
issue_num = 22928
keywords = ['patch', 'security_issue']
message_count = 27.0
messages = ['231590', '232696', '235938', '235942', '235944', '235945', '236106', '236123', '236125', '236137', '237450', '237478', '237523', '237593', '237828', '237832', '237915', '237918', '237919', '237957', '269210', '269660', '298814', '299049', '299053', '299071', '299202']
nosy_count = 16.0
nosy_names = ['georg.brandl', 'orsenthil', 'vstinner', 'larry', 'benjamin.peterson', 'ned.deily', 'Arfrever', 'r.david.murray', 'python-dev', 'berker.peksag', 'martin.panter', 'serhiy.storchaka', 'koobs', 'demian.brecht', 'Guido', 'vladk']
pr_nums = ['2817', '2861', '15299']
priority = None
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue22928'
versions = ['Python 2.7', 'Python 3.3', 'Python 3.4', 'Python 3.5']

    Reactions are currently unavailable

    Metadata

    Metadata

    Assignees

    No one assigned

      Labels

      stdlibStandard Library Python modules in the Lib/ directoryStandard Library Python modules in the Lib/ directorytype-securityA security issueA security issue

      Fields

      No fields configured for issues without a type.

      Projects

      No projects

      Milestone

      No milestone

      Relationships

      None yet

      Development

      No branches or pull requests

      Issue actions
        Morty Proxy This is a proxified and sanitized view of the page, visit original site.