This bug was fixed in the package python2.7 - 2.7.16-2
---------------
python2.7 (2.7.16-2) unstable; urgency=high
[ Matthias Klose ]
* CVE-2019-9636. Fix issue #36216: Add check for characters in netloc that
normalize to separators. Closes: #924073.
* CVE-2019-9948. Fix issue #35907: Stop urllib exposing the local_file schema
(file://).
[ Dimitri John Ledkov ]
* Bump Build-Depedency and Dependency of libssl-dev and libss1.1 to
1.1.1 or higher. As TLS1.3 constants leak into ssl module, thus one
shouldn't mix and match python2.7 & libssl1.1. LP: #1808476
-- Matthias Klose <[email protected]> Sat, 06 Apr 2019 03:42:57 +0200
** Changed in: python2.7 (Ubuntu Disco)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9636
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9948
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1808476
Title:
Please bump libssl1.1 dependency to at least >= 1.1.1, as headers leak
constants
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1808476/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
