|
CPython (aka the Python interpreter)
|
Reject non-ASCII port numbers in urllib.parse
|
|
CPython (aka the Python interpreter)
|
Enforce that schemes must begin with an alphabetical ASCII character in urllib.parse
|
|
rfc3986 (the Python library, not the IETF RFC)
|
Reject non-ASCII port numbers
|
|
urllib3 (the 2nd most-downloaded package on PyPI)
|
Remove erroneous character from a regex character class used for URL parsing
|
|
urllib3 (the 2nd most-downloaded package on PyPI)
|
Correct an off-by-one error in an ASCII range check for IDNA encoding
|
|
CPython (aka the Python interpreter)
|
Enforce that HTTP versions consist only of digits in http.server
|
|
AIOHTTP
|
Correct a regex match that should have been fullmatch
|
|
AIOHTTP
|
Add a runtime check for malformed request-targets
|
|
AIOHTTP
|
Catch an unhandled exception caused by invalid UTF-8 in HTTP messages.
|
|
Waitress
|
Add HTTP version and method validation
|
|
llhttp (the HTTP parser built into Node.js)
|
Reject messages containing empty HTTP header names
|
|
Squid
|
Avoid UB invoked by dereferencing NULL (and then taking &)
|
|
uwsgi
|
Avoid UB invoked by strncpy from NULL (even though count is 0)
|
|
libevent
|
Fix integer overflow in HTTP version parser
|
|
libevent
|
Reject HTTP versions with -, +, and 0x prefixes
|
|
Twisted
|
Add missing character to regex character class used for HTTP parsing
|
|
Squid
|
Fix new/delete type mismatch
|
|
Puma
|
Properly strip whitespace from the beginnings of HTTP header values
|
|
cebtree (dependency of HAProxy)
|
Avoid UB invoked by dereferencing NULL (and then taking &)
|
|
APR (dependency of Apache httpd)
|
Avoid UB invoked by memcpy from NULL (even though count is 0)
|
|
glibc
|
Add double-linked skip list consistency check to largebin skip links
|
|
glibc
|
Add size check when moving chunks from fastbin to tcache
|
|
Linux man-pages
|
Properly document the syscall number register for x32 and x86-64
|
|
LLVM
|
Add support for the .base64 directive to the assembler
|
|
Bash
|
Fix undefined bit shifting
|