Skip to content

CVE-2013-7440 doesn't apply to Python 2.7#10

Merged
vstinner merged 1 commit into
vstinner:masterfrom
davidfraser:add-cve-2013-7440-py2.7-info
Aug 20, 2018
Merged

CVE-2013-7440 doesn't apply to Python 2.7#10
vstinner merged 1 commit into
vstinner:masterfrom
davidfraser:add-cve-2013-7440-py2.7-info

Conversation

@davidfraser
Copy link
Copy Markdown
Contributor

@davidfraser davidfraser commented Aug 14, 2018

Add a note explaining that although the CVE description says that this affects versions of Python 2.7 before 2.7.9, the match_hostname function was actually only added in 2.7.9, and was added with this fix already applied.
(It's hard to trawl through the history and work out what's happening otherwise)

See commit daeb925cc88cc8fed2030166ade641de28edb396 to cpython for when the actual change was made.

@davidfraser
CVE-2013-7440 doesn't apply to Python 2.7
8df1b16 
Add a note explaining that although the CVE description says that this affects versions of Python 2.7 before 2.7.9, the `match_hostname` function was actually only added in 2.7.9, and was added with this fix already applied.
(It's hard to trawl through the history and work out what's happening otherwise)
@vstinner vstinner merged commit 3377297 into vstinner:master Aug 20, 2018
@vstinner
Copy link
Copy Markdown
Owner

vstinner commented Aug 20, 2018

I merged your PR. It should be online in 15 min.

@davidfraser davidfraser deleted the add-cve-2013-7440-py2.7-info branch August 20, 2018 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@davidfraser @vstinner