advisories/24640.adv

type: security
subject: Updated python packages fix security vulnerability
CVE:
 - CVE-2019-9636
src:
  6:
   core:
     - python-2.7.15-1.3.mga6
description: |
  A vulnerability was found in Python 2.x through 2.7.16. An improper
  Handling of Unicode Encoding (with an incorrect netloc) during NFKC
  normalization could lead to an Information Disclosure (credentials,
  cookies, etc. that are cached against a given hostname) in the
  urllib.parse.urlsplit, urllib.parse.urlparse components. A specially
  crafted URL could be incorrectly parsed to locate cookies or
  authentication data and send that information to a different host than
  when parsed correctly (CVE-2019-9636).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24640
 - https://access.redhat.com/errata/RHSA-2019:0710
ID: MGASA-2019-0148
1	davidwhodgins	8464	type: security
2			subject: Updated python packages fix security vulnerability
3			CVE:
4			- CVE-2019-9636
5			src:
6			6:
7			core:
8			- python-2.7.15-1.3.mga6
9			description: \|
10			A vulnerability was found in Python 2.x through 2.7.16. An improper
11			Handling of Unicode Encoding (with an incorrect netloc) during NFKC
12			normalization could lead to an Information Disclosure (credentials,
13			cookies, etc. that are cached against a given hostname) in the
14			urllib.parse.urlsplit, urllib.parse.urlparse components. A specially
15			crafted URL could be incorrectly parsed to locate cookies or
16			authentication data and send that information to a different host than
17			when parsed correctly (CVE-2019-9636).
18			references:
19			- https://bugs.mageia.org/show_bug.cgi?id=24640
20			- https://access.redhat.com/errata/RHSA-2019:0710
21	tmb	8474	ID: MGASA-2019-0148