[issue30458] [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)
Ned Deily
report at bugs.python.org
Tue Sep 17 00:58:53 EDT 2019
Ned Deily <nad at python.org> added the comment:
If I understand Jason's message correctly, the changes for Issue30458 introduced a regression in 3.7.4 and will introduce the same regression in other branches as they are released, including 3.5.8 whose rc1 is now in testing. 3.7.5rc1 is scheduled to be tagged later today. Is this regression serious enough that we should hold 3.7.5 and/or 3.5.8 for a fix? If so, there should probably be a separate issue for it unless it is necessarily intertwined with the resolution of Issue36274.
I'm provisionally setting the status of this issue to "release blocker".
----------
nosy: +benjamin.peterson, lukasz.langa, ned.deily
priority: normal -> release blocker
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue30458>
_______________________________________
More information about the Python-bugs-list
mailing list