[PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain names for parsed...
author Seth Michael Larson <seth@python.org>
Fri, 31 Jan 2025 17:41:34 +0000 (11:41 -0600)
committer Andrej Shadura <andrewsh@debian.org>
Sun, 25 Jan 2026 13:37:52 +0000 (14:37 +0100)
commit a1b009d5715d3d7030b221ef4e9b314f6b1c1a29
tree 2f52406796c2b2b17b7b61da1783ae1da09292dd
parent 21f32f7fa6b382f77aa4d02811aa5023679d4252
[PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain names for parsed URLs (GH-129418)

* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs

* Use Sphinx references

Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
* Add mismatched bracket test cases, fix news format

* Add more test coverage for ports

---------

(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
origin: https://github.com/python/cpython/commit/b1e8501473c59485a55452dda94270a61c9ce14d
bug-freexian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2025-0938
bug: https://github.com/python/cpython/pull/129530

Gbp-Pq: Name CVE-2025-0938.patch
Lib/test/test_urlparse.py
Lib/urllib/parse.py
Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst [new file with mode: 0644]