Python urllib.parse does not sanitize URLs containing ASCII newline and tabs. Reference: https://bugs.python.org/issue43882
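The behaviour described in this report, as an added example that is not part of the original bug thread or of CPython's code: it probes whether the running interpreter's `urlsplit()` drops tab/newline characters, and shows a validator that rejects them before parsing so the result is the same on patched and unpatched versions. The function names, the `docs.example.test` host and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Characters named in the report: ASCII tab and newline (LF and CR).
UNSAFE_URL_CHARS = "\t\n\r"


def unsafe_char_offsets(url):
    """Offsets of every tab/newline character in the raw, unparsed URL."""
    return [i for i, ch in enumerate(url) if ch in UNSAFE_URL_CHARS]


def interpreter_strips_unsafe_chars():
    """Probe the running interpreter: does urlsplit() drop these characters?"""
    parts = urlsplit("http://exa\tmple.test/pa\nth")  # constructed probe URL
    return not unsafe_char_offsets(parts.netloc + parts.path)


def split_url_strict(url, allowed_hosts):
    """Parse a URL for an allowlist check, refusing tab/newline up front.

    Rejecting (instead of relying on urlsplit) gives the same result on
    patched and unpatched interpreters, and the caller keeps using the
    exact string that was validated.
    """
    offsets = unsafe_char_offsets(url)
    if offsets:
        raise ValueError(f"tab/newline in URL at offsets {offsets}")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.hostname not in allowed_hosts:
        raise ValueError(f"host not allowed: {parts.hostname!r}")
    return parts


if __name__ == "__main__":
    ALLOWED = {"docs.example.test"}  # hypothetical allowlist
    print("urlsplit strips tab/newline:", interpreter_strips_unsafe_chars())
    for raw in ("https://docs.example.test/guide?page=2",
                "https://docs.example.test/gui\tde",
                "https://docs.example.test/\r\nguide"):  # constructed samples
        try:
            print("accepted", split_url_strict(raw, ALLOWED).geturl())
        except ValueError as exc:
            print("rejected", repr(raw), "->", exc)
```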
*** Bug 2047377 has been marked as a duplicate of this bug. ***
Created mingw-python3 tracking bugs for this issue: Affects: fedora-all [bug 2047578]
Created python2.7 tracking bugs for this issue: Affects: fedora-all [bug 2047579]
Created python3.10 tracking bugs for this issue: Affects: fedora-all [bug 2047585]
Created python3.11 tracking bugs for this issue: Affects: fedora-all [bug 2047587]
Created python3.5 tracking bugs for this issue: Affects: fedora-all [bug 2047580]
Created python3.6 tracking bugs for this issue: Affects: fedora-all [bug 2047581]
Created python3.7 tracking bugs for this issue: Affects: fedora-all [bug 2047582]
Created python3.8 tracking bugs for this issue: Affects: fedora-all [bug 2047583]
Created python3.9 tracking bugs for this issue: Affects: fedora-all [bug 2047584]
Created python34 tracking bugs for this issue: Affects: epel-all [bug 2047577]
Sandipan, I've actually collected the versions where this was fixed and yet we have received 6 pointless outdated reports for Fedora python3.6 to python3.11 nevertheless. What exactly is the purpose? If you need that for some kind of tracking, could you report the bugzillas but close them immediately?
Hello Miro, I will close those kinds of tracking bugs from now on. Thanks.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:1663 https://access.redhat.com/errata/RHSA-2022:1663
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1764 https://access.redhat.com/errata/RHSA-2022:1764
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1821 https://access.redhat.com/errata/RHSA-2022:1821
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0391
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6457 https://access.redhat.com/errata/RHSA-2022:6457
Created mingw-python3 tracking bugs for this issue: Affects: fedora-all [bug 2292369]
@saroy could you please check the versions before creating new trackers? As pointed out in comment 3 here in the same bugzilla by Miro from January 2021, we have received pointless trackers for components where the vulnerability is not present because we ship newer versions. Now, you've created trackers for Python 3.9 in RHEL 9. The vulnerability is fixed in 3.9.5 (as you can see here for years now) and we have 3.9.19 in RHEL 9. The vulnerability was fixed by the update to 3.9.5 in May 2021. Do you need these trackers for something special? If so, could you please check the versions of the affected components and close the trackers immediately, or not create them at all?
According to the CVE RHEL 9 is affected, and not fixed yet.

https://access.redhat.com/security/cve/CVE-2022-0391

Products / Services          Components   State
Red Hat Enterprise Linux 9   python3.9    Affected

> The vulnerability is fixed in 3.9.5 (as you can see here for years now) and we have 3.9.19 in RHEL 9. The vulnerability was fixed by the update to 3.9.5 in May 2021.

Are you saying that RHEL 9 was never vulnerable?
(In reply to jcastran from comment #35)
> According to the CVE RHEL 9 is affected, and not fixed yet.
>
> https://access.redhat.com/security/cve/CVE-2022-0391
>
> Products / Services          Components   State
> Red Hat Enterprise Linux 9   python3.9    Affected
>
> > The vulnerability is fixed in 3.9.5 (as you can see here for years now) and we have 3.9.19 in RHEL 9. The vulnerability was fixed by the update to 3.9.5 in May 2021.
>
> Are you saying that RHEL 9 was never vulnerable?

Correct. RHEL 9 was never affected. We had Python 3.9.6 in RHEL 9.0.0 beta and version 3.9.10 in RHEL 9.0.0 GA. See https://errata.devel.redhat.com/advisory/81331/builds