[issue35121] Cookie domain check returns incorrect results

Karthikeyan Singaravelan report at bugs.python.org
Sun Mar 10 04:51:02 EDT 2019 

Karthikeyan Singaravelan <tir.karthi at gmail.com> added the comment:

>From my initial tests 3.4 and 3.5 were also affected. 3.4 is going EoL and RC1 is out but there is one another security issue (issue36216) fixed last week with a PR open. If the merge window is open and Larry is okay then I can raise backport PRs if needed. There are less changes made to cookiejar and cherry_picker would also work fine as I tried it locally.


cherry_picker --no-push ca7fe5063593958e5efdf90f068582837f07bd14 3.5
🐍 🍒 ⛏

Now backporting 'ca7fe5063593958e5efdf90f068582837f07bd14' into '3.5'
Switched to a new branch 'backport-ca7fe50-3.5'
Branch 'backport-ca7fe50-3.5' set up to track remote branch '3.5' from 'upstream'.

[backport-ca7fe50-3.5 fcb2dd85a0] bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258)
 Author: Xtreak <tir.karthi at gmail.com>
 Date: Sun Mar 10 07:39:48 2019 +0530
 3 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst


Finished cherry-pick ca7fe5063593958e5efdf90f068582837f07bd14 into backport-ca7fe50-3.5 😀

cherry_picker --no-push ca7fe5063593958e5efdf90f068582837f07bd14 3.4
🐍 🍒 ⛏

Now backporting 'ca7fe5063593958e5efdf90f068582837f07bd14' into '3.4'
Switched to a new branch 'backport-ca7fe50-3.4'
Branch 'backport-ca7fe50-3.4' set up to track remote branch '3.4' from 'upstream'.

Performing inexact rename detection: 100% (639108/639108), done.
[backport-ca7fe50-3.4 46ea57d6b3] bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258)
 Author: Xtreak <tir.karthi at gmail.com>
 Date: Sun Mar 10 07:39:48 2019 +0530
 3 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst


Finished cherry-pick ca7fe5063593958e5efdf90f068582837f07bd14 into backport-ca7fe50-3.4 😀

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue35121>
_______________________________________

More information about the Python-bugs-list mailing list