/[advisories]/24640.adv
ViewVC logotype

Contents of /24640.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 8474 - (show annotations) (download)
Wed Apr 10 21:37:07 2019 UTC (2 months ago) by tmb
File size: 816 byte(s)
MGASA-2019-0148: python-2.7.15-1.3.mga6
1 type: security
2 subject: Updated python packages fix security vulnerability
3 CVE:
4 - CVE-2019-9636
5 src:
6 6:
7 core:
8 - python-2.7.15-1.3.mga6
9 description: |
10 A vulnerability was found in Python 2.x through 2.7.16. An improper
11 Handling of Unicode Encoding (with an incorrect netloc) during NFKC
12 normalization could lead to an Information Disclosure (credentials,
13 cookies, etc. that are cached against a given hostname) in the
14 urllib.parse.urlsplit, urllib.parse.urlparse components. A specially
15 crafted URL could be incorrectly parsed to locate cookies or
16 authentication data and send that information to a different host than
17 when parsed correctly (CVE-2019-9636).
18 references:
19 - https://bugs.mageia.org/show_bug.cgi?id=24640
20 - https://access.redhat.com/errata/RHSA-2019:0710
21 ID: MGASA-2019-0148

  ViewVC Help
Powered by ViewVC 1.1.26