#12669: python2-2.7.17
-------------------------+-----------------------
 Reporter:  renodr       |       Owner:  bdubbs
     Type:  enhancement  |      Status:  assigned
 Priority:  high         |   Milestone:  9.1
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:
 Keywords:               |
-------------------------+-----------------------
Changes (by renodr):
* priority: normal => high
Comment:
Just wanted to drop the fact that there are some security fixes here:
{{{
.. bpo: 38174
.. date: 2019-09-23-21-02-46
.. nonce: MeWuJd
.. section: Security
Update vendorized expat library version to 2.2.8, which resolves
CVE-2019-15903.
}}}
{{{
.. bpo: 30458
.. date: 2019-04-10-08-53-30
.. nonce: 51E-DA
.. section: Security
Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or
control characters through into the underlying http client request. Such
potentially malicious header injection URLs now cause an httplib.InvalidURL
exception to be raised.
}}}
{{{
.. bpo: 35907
.. date: 2019-02-13-17-21-10
.. nonce: ckk2zg
.. section: Security
CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
``local_file://`` URL schemes in :func:`urllib.urlopen`,
:meth:`urllib.URLopener.open` and :meth:`urllib.URLopener.retrieve`.
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/12669#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
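
One way to confirm that a freshly built interpreter carries the CVE-2019-9740 fix quoted above, as an added example that is not part of the ticket or of CPython's own test suite. The host name and sample request targets are constructed; the script imports httplib on Python 2 and falls back to http.client on Python 3.

```python
# Added example (not from the ticket or from CPython): checks whether the
# running interpreter's HTTP client rejects request targets containing
# whitespace or control characters, the behaviour described for CVE-2019-9740.
try:
    import httplib                      # Python 2 module name
except ImportError:
    import http.client as httplib       # same module under Python 3


def rejects_target(target):
    """Return True if putrequest() refuses `target` with InvalidURL.

    putrequest() only fills an in-memory buffer; no socket is opened, so the
    check runs offline. The host name is a constructed placeholder.
    """
    conn = httplib.HTTPConnection("host.invalid")
    try:
        conn.putrequest("GET", target)
    except httplib.InvalidURL:
        return True
    return False


# Constructed sample targets: one clean, three containing the characters the
# changelog entry says are now disallowed. Value = rejection expected?
SAMPLES = {
    "/index.html": False,
    "/a b": True,
    "/a\tb": True,
    "/a\r\nX-Constructed: 1": True,
}


def audit():
    """Map each sample to (expected_rejection, observed_rejection)."""
    return {t: (want, rejects_target(t)) for t, want in SAMPLES.items()}


def interpreter_is_patched():
    """True only if every sample is accepted or rejected as expected."""
    return all(want == got for want, got in audit().values())


if __name__ == "__main__":
    for target, (want, got) in sorted(audit().items()):
        print("%-28r expected_reject=%-5s observed=%s" % (target, want, got))
    print("patched" if interpreter_is_patched() else "NOT patched")
```

Run it with the newly installed interpreter rather than the host's, so the result reflects the package being built.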