dgit.raspbian.org Git - python3.9.git/commit

author	Seth Michael Larson <seth@python.org>
	Fri, 31 Jan 2025 17:41:34 +0000 (11:41 -0600)
committer	Andrej Shadura <andrewsh@debian.org>
	Tue, 20 Jan 2026 10:45:10 +0000 (11:45 +0100)
commit	64872095019fe54cfdbee7f03858b13f0e7272a9
tree	e3530480f629789b7ac633f5ffc1d1660500605e	tree \| snapshot
parent	5f5cf526b5421ec92f3a4c2cbf3a1f3d4281d82d	commit \| diff

[PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain names for parsed URLs (GH-129418)

* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs

* Use Sphinx references

Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
* Add mismatched bracket test cases, fix news format

* Add more test coverage for ports

---------

(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
origin: https://github.com/python/cpython/commit/b1e8501473c59485a55452dda94270a61c9ce14d
bug-freexian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2025-0938
bug: https://github.com/python/cpython/pull/129530

Gbp-Pq: Name CVE-2025-0938.patch

Lib/test/test_urlparse.py		diff \| blob \| history
Lib/urllib/parse.py		diff \| blob \| history
Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst	[new file with mode: 0644]	blob