bpo-30500: urllib connects to a wrong host¶

The urllib module doesn’t parse correctly password containing the # character.

Disclosure date: 2017-05-29 (Python issue bpo-30500 reported)
Reported at: 2017-03-04 (Orange Tsai on the PSRT list)

Fixed In¶

Python 2.7.14 (2017-09-17) fixed by commit d4324ba (branch 2.7) (2017-06-20)
Python 3.3.7 (2017-09-19) fixed by commit 052f9d6 (branch 3.3) (2017-07-26)
Python 3.4.7 (2017-08-09) fixed by commit cc54c1c (branch 3.4) (2017-07-12)
Python 3.5.4 (2017-08-08) fixed by commit 4899d84 (branch 3.5) (2017-06-20)
Python 3.6.2 (2017-07-17) fixed by commit b0fba88 (branch 3.6) (2017-06-20)
Python 3.7.0 (2018-06-28) fixed by commit 90e01e5 (branch 3.7) (2017-06-20)

Python issue¶

[security] urllib connects to a wrong host.

Python issue: bpo-30500
Creation date: 2017-05-29
Reporter: Nam Nguyen

Timeline¶

Timeline using the disclosure date 2017-05-29 as reference:

2017-03-04 (-86 days): Reported (Orange Tsai on the PSRT list)
2017-05-29: Python issue bpo-30500 reported by Nam Nguyen
2017-06-20 (+22 days): commit 4899d84 (branch 3.5)
2017-06-20 (+22 days): commit 90e01e5 (branch 3.7)
2017-06-20 (+22 days): commit b0fba88 (branch 3.6)
2017-06-20 (+22 days): commit d4324ba (branch 2.7)
2017-07-12 (+44 days): commit cc54c1c (branch 3.4)
2017-07-17 (+49 days): Python 3.6.2 released
2017-07-26 (+58 days): commit 052f9d6 (branch 3.3)
2017-08-08 (+71 days): Python 3.5.4 released
2017-08-09 (+72 days): Python 3.4.7 released
2017-09-17 (+111 days): Python 2.7.14 released
2017-09-19 (+113 days): Python 3.3.7 released
2018-06-28: Python 3.7.0 released

Read the Docs v: latest

Versions: latest

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.