Re: [blfs-book] [BLFS Trac] #12244: python3-3.7.4

BLFS Trac via blfs-book Tue, 09 Jul 2019 19:48:59 -0700

#12244: python3-3.7.4
-------------------------+---------------------
 Reporter:  bdubbs       |       Owner:  bdubbs
     Type:  enhancement  |      Status:  closed
 Priority:  high         |   Milestone:  9.0
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:  fixed
 Keywords:               |
-------------------------+---------------------
Changes (by renodr):


 * priority:  normal => high


Comment:

 {{{
 bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded
 whitespace or control characters through into the underlying http client
 request. Such potentially malicious header injection URLs now cause an
 http.client.InvalidURL exception to be raised.
 }}}

 {{{
 bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file://
 and local_file:// URL schemes in URLopener().open() and
 URLopener().retrieve() of :mod:urllib.request.
 }}}

 Retroactively promote to High

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/12244#comment:4>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #12244: python3-3.7.4

Reply via email to