# davidwhodgins 8464
type: security
subject: Updated python packages fix security vulnerability
CVE:
  - CVE-2019-9636
src:
  6:
    core:
      - python-2.7.15-1.3.mga6
description: |
  A vulnerability was found in Python 2.x through 2.7.16. Improper
  handling of Unicode encoding (with an incorrect netloc) during NFKC
  normalization could lead to an information disclosure (credentials,
  cookies, etc. that are cached against a given hostname) in the
  urllib.parse.urlsplit, urllib.parse.urlparse components. A specially
  crafted URL could be incorrectly parsed to locate cookies or
  authentication data and send that information to a different host than
  when parsed correctly (CVE-2019-9636).
references:
  - https://bugs.mageia.org/show_bug.cgi?id=24640
  - https://access.redhat.com/errata/RHSA-2019:0710
# tmb 8474
ID: MGASA-2019-0148