Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity
cpython/Misc/NEWS.d/next/Security
History
Christian Heimes 477b1b2576 bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499) 
ssl.match_hostname() no longer accepts IPv4 addresses with additional text
after the address and only quad-dotted notation without trailing
whitespaces. Some inet_aton() implementations ignore whitespace and all data
after whitespace, e.g. '127.0.0.1 whatever'.

Short notations like '127.1' for '127.0.0.1' were already filtered out.

The bug was initially found by Dominik Czarnota and reported by Paul Kehrer.

Signed-off-by: Christian Heimes <christian@python.org>



https://bugs.python.org/issue37463
 		2019-07-02 11:39:42 -07:00
..
2019-06-17-09-34-25.bpo-34631.DBfM4j.rst bpo-34631: Updated OpenSSL to 1.1.1c in Windows installer (GH-14163) 2019-06-17 11:36:08 -07:00
2019-06-21-14-42-53.bpo-37364.IIRc2s.rst bpo-37364: Use io.open_code() to read .pth files (GH-14299) 2019-06-21 15:16:46 -07:00
2019-06-21-15-58-59.bpo-37363.diouyl.rst bpo-37363: Add audit events for a range of modules (GH-14301) 2019-06-24 08:42:54 -07:00
2019-07-01-08-46-14.bpo-37463.1CHwjE.rst bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499) 2019-07-02 11:39:42 -07:00
2019-07-01-10-31-14.bpo-37363.fSjatj.rst bpo-37363: Add audit events on startup for the run commands (GH-14524) 2019-07-01 16:03:53 -07:00
README.rst Link to blurb on PyPI in the NEWS.d READMEs. (#3323) 2017-09-05 10:38:05 -07:00

README.rst 

Put news entry `blurb`_ files for the *Security* section in this directory.

.. _blurb: https://pypi.org/project/blurb/