dgit.raspbian.org Git - python3.9.git/commit

author	Seth Michael Larson <seth@python.org>
	Fri, 31 Jan 2025 17:41:34 +0000 (11:41 -0600)
committer	Arnaud Rebillout <arnaudr@debian.org>
	Tue, 14 Apr 2026 04:38:32 +0000 (11:38 +0700)
commit	ffec2f1f3060c91c8285c8a8ccc48711d26102d2
tree	f4f1780ab3df8f4962fd48c9d75a6ba594e9a3ec	tree \| snapshot
parent	de9575fa9b1dc570faac16b05f5bbd76fffcdb4a	commit \| diff

[PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain names for parsed URLs (GH-129418)

* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs

* Use Sphinx references

Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
* Add mismatched bracket test cases, fix news format

* Add more test coverage for ports

---------

(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
origin: https://github.com/python/cpython/commit/b1e8501473c59485a55452dda94270a61c9ce14d
bug-freexian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2025-0938
bug: https://github.com/python/cpython/pull/129530

Gbp-Pq: Name CVE-2025-0938.patch

Lib/test/test_urlparse.py		diff \| blob \| history
Lib/urllib/parse.py		diff \| blob \| history
Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst	[new file with mode: 0644]	blob