[issue13703] Hash collision security issue

2012-01-04 Thread Huzaifa Sidhpurwala

Huzaifa Sidhpurwala  added the comment:

I am wondering if a CVE id has been assigned to this security issue yet?

--
nosy: +Huzaifa.Sidhpurwala

___
Python tracker 
<http://bugs.python.org/issue13703>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue11197] information leakage with SimpleHTTPServer

2011-07-01 Thread Huzaifa Sidhpurwala

Huzaifa Sidhpurwala  added the comment:

It seems python was being blamed for what is essentially the fault of lynx.

The following would translate into browsing files locally from the system and 
not from the web:

lynx http://localhost:8000/../../../../../../../../etc/passwd

The correct syntax for testing should have been:

lynx http://localhost:8000/../../../../../../../../etc/passwd

--
nosy: +Huzaifa.Sidhpurwala

___
Python tracker 
<http://bugs.python.org/issue11197>
___



[issue11197] information leakage with SimpleHTTPServer

2011-07-01 Thread Huzaifa Sidhpurwala

Huzaifa Sidhpurwala  added the comment:

This should have been

lynx localhost:8000/../../../../../../../../etc/passwd

v/s

lynx http://localhost:8000/../../../../../../../../etc/passwd

--

___
Python tracker 
<http://bugs.python.org/issue11197>
___



[issue14579] Vulnerability in the utf-16 decoder after error handling

2012-04-24 Thread Huzaifa Sidhpurwala

Huzaifa Sidhpurwala  added the comment:

I have not tried the patch yet, but modifying the reproducer yields a different 
crash. This one seems to be a heap-based buffer overflow which is slightly more 
serious.

In the reproducer, you just need to replace ascii() with str().

Again works on python3 only.

--
nosy: +Huzaifa.Sidhpurwala

___
Python tracker 
<http://bugs.python.org/issue14579>
___