[issue36384] [security] CVE-2021-29921: ipaddress Should not reject IPv4 addresses with leading zeroes as ambiguously octal
STINNER Victor
report at bugs.python.org
Tue May 25 12:44:50 EDT 2021
STINNER Victor <vstinner at python.org> added the comment:
George-Cristian Bîrzan: "The timeline there is wrong."
Fixed: https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html#timeline
The strange part is "2019-03-20 (-741 days): Python issue bpo-36384 reported by Joel Croteau".
The problem is that this issue was "reused" for two different things: the initial change and the vulnerability.
Maybe I can removed the reference to the bpo to remove it from the timeline (and put it in links).
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36384>
_______________________________________
More information about the Python-bugs-list
mailing list