From: Antoine Pitrou <solipsis@pitrou.net>
Date: Tue, 16 Sep 2014 22:27:26 +0000 (+0200)
Subject: Lax cookie parsing in http.cookies could be a security issue when combined
X-Git-Tag: v3.5.0a1~914
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0d548873262d1e61f6089eccf43e261b259ec96e;p=thirdparty%2FPython%2Fcpython.git

Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers.

Reported by Sergey Bobrov.
---

0d548873262d1e61f6089eccf43e261b259ec96e
diff --cc Misc/NEWS
index f4d1056eb8d8,e411cdbaf493..802d12fa25d5
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@@ -132,9 -32,10 +132,13 @@@ Core and Builtin
  Library
  -------
  
+ - Lax cookie parsing in http.cookies could be a security issue when combined
+   with non-standard cookie handling in some Web browsers.  Reported by
+   Sergey Bobrov.
+ 
 +- Issue #20537: logging methods now accept an exception instance as well as a
 +  Boolean value or exception tuple. Thanks to Yury Selivanov for the patch.
 +
  - Issue #22384: An exception in Tkinter callback no longer crashes the program
    when it is run with pythonw.exe.