[Bug 210539] lang/python33: HTTP Header Injection in Python urllib (CVE-2016-5699)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Jul 9 18:34:12 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210539
--- Comment #7 from Vladimir Krstulja <vlad-fbsd at acheronmedia.com> ---
(In reply to Kubilay Kocak from comment #6)
Sure. The build passes Poudriere 10.3 amd64. I haven't yet tested with a 9.3
jail. The unit tests pass in both ways. Without the patch to HTTPMessage the
tests fail meaning it's vulnerable. Witht he patch the tests pass meaning it's
fixed. I was looking only at the test_invalid_headers() test. Some other tests
fail, but have failed before this patch too and I have yet to figure out if
that's because of my jail set up.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-python
mailing list