Bug 1875728
| Summary: | http.client: HTTP Header Injection in the HTTP method | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Christophe Besson <cbesson> | |
| Component: | python3 | Assignee: | Python Maintainers <python-maint> | |
| Status: | CLOSED DUPLICATE | QA Contact: | RHEL CS Apps Subsystem QE <rhel-cs-apps-subsystem-qe> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 7.8 | CC: | mcascell, pviktori, torsava | |
| Target Milestone: | rc | Keywords: | Patch, TestCaseProvided | |
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1875735 (view as bug list) | Environment: | ||
| Last Closed: | 2020-10-05 10:49:11 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1875735 | |||
CVE-2020-26116 has been assigned to this flaw. Please refer to BZ#1883014 for more information. Can we close this (and related BZ#1875735)? Closing this bug as duplicate of BZ#1883014. *** This bug has been marked as a duplicate of bug 1883014 *** |
Description of problem: The issue in question has been merged upstream in July 2020 [security] http.client: HTTP Header Injection in the HTTP method https://bugs.python.org/issue39603 Version-Release number of selected component (if applicable): python3-libs-3.6.8-13.el7.x86_64 This commit is not included in our versions: https://github.com/python/cpython/commit/f02de961b9f19a5db0ead56305fe0057a78787ae It also concerns all SCL versions. Should be backport this patch?