#12244: python3-3.7.4
-------------------------+---------------------
 Reporter:  bdubbs       |       Owner:  bdubbs
     Type:  enhancement  |      Status:  closed
 Priority:  high         |   Milestone:  9.0
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:  fixed
 Keywords:               |
-------------------------+---------------------
Changes (by renodr):

 * priority:  normal => high

Comment:

 {{{
 bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded
 whitespace or control characters through into the underlying http client
 request. Such potentially malicious header injection URLs now cause an
 http.client.InvalidURL exception to be raised.
 }}}

 {{{
 bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file://
 and local_file:// URL schemes in URLopener().open() and
 URLopener().retrieve() of :mod:urllib.request.
 }}}

 Retroactively promote to High

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/12244#comment:4>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
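
A post-build check for the bpo-30458 behaviour quoted in the comment above, as an added example that is not part of the ticket or of CPython's own test suite. The regular expression is an assumption that mirrors the changelog wording (whitespace or control characters); the sample request targets and the host name are constructed placeholders.

```python
import http.client
import re

# Assumption: "whitespace or control characters" taken as bytes 0x00-0x20
# and 0x7f; this is a local pre-check, not CPython's own code.
_DISALLOWED = re.compile(r"[\x00-\x20\x7f]")

# Constructed sample request targets.
SAMPLES = [
    "/index.html",
    "/search?q=a%20b",
    "/a b",
    "/x HTTP/1.1\r\nX-Constructed: 1",
    "/tab\there",
]


def first_disallowed(target):
    """Return the first disallowed character in a request target, or None."""
    match = _DISALLOWED.search(target)
    return match.group() if match else None


def http_client_rejects(target):
    """True if http.client refuses to build a request line for target.

    putrequest() only buffers the request line, so no connection is opened
    and nothing is sent; "host.invalid" is a placeholder host name.
    """
    conn = http.client.HTTPConnection("host.invalid")
    try:
        conn.putrequest("GET", target)
    except http.client.InvalidURL:
        return True
    finally:
        conn.close()
    return False


def audit(samples=SAMPLES):
    """Pair each sample with (flagged by pre-check, rejected by http.client)."""
    return [(s, first_disallowed(s) is not None, http_client_rejects(s))
            for s in samples]


if __name__ == "__main__":
    for target, flagged, rejected in audit():
        note = "ok" if flagged == rejected else "MISMATCH: fix missing?"
        print(f"{target!r:45} flagged={flagged} rejected={rejected} {note}")
```

A MISMATCH line means the interpreter under test accepted a target that the pre-check flags, which is what an interpreter without the fix would do.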