#12669 closed enhancement (fixed)

python2-2.7.17

Reported by: Douglas R. Reno
Owned by: Bruce Dubbs
Priority: high
Milestone: 9.1
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version

Change History (3)

comment:1 by Bruce Dubbs, 22 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Douglas R. Reno, 22 months ago

Priority: normal → high

Just wanted to drop the fact that there are some security fixes here:

.. bpo: 38174
.. date: 2019-09-23-21-02-46
.. nonce: MeWuJd
.. section: Security

Update vendorized expat library version to 2.2.8, which resolves
CVE-2019-15903.

.. bpo: 30458
.. date: 2019-04-10-08-53-30
.. nonce: 51E-DA
.. section: Security

Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or
control characters through into the underlying http client request.  Such
potentially malicious header injection URLs now cause an httplib.InvalidURL
exception to be raised.

.. bpo: 35907
.. date: 2019-02-13-17-21-10
.. nonce: ckk2zg
.. section: Security

CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
``local_file://`` URL schemes in :func:`urllib.urlopen`,
:meth:`urllib.URLopener.open` and :meth:`urllib.URLopener.retrieve`.
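
Added example (not part of the ticket and not CPython's patch): an application-level pre-flight check modelled on the two URL-handling fixes quoted in comment:2, for code that may still run on an interpreter older than 2.7.17. The names ``check_url``, ``UnsafeURL`` and ``audit``, the exact character range, and the sample URLs are assumptions of this example.

```python
import re

# Whitespace and control characters, as described for CVE-2019-9740.
# The exact range (0x00-0x20 plus 0x7f) is an assumption of this example.
DISALLOWED = re.compile(r"[\x00-\x20\x7f]")
# The two scheme spellings named in the CVE-2019-9948 entry.
BLOCKED_SCHEMES = frozenset(["local-file", "local_file"])
SCHEME_RE = re.compile(r"^([^/:?#]+):")


class UnsafeURL(ValueError):
    """Hypothetical exception for this example; not a stdlib class."""


def check_url(url):
    """Return url unchanged if it passes both checks, else raise UnsafeURL."""
    # Check the raw string first, before any parser can strip characters.
    hit = DISALLOWED.search(url)
    if hit:
        raise UnsafeURL("whitespace/control character %r at offset %d"
                        % (hit.group(), hit.start()))
    m = SCHEME_RE.match(url)
    if m and m.group(1).lower() in BLOCKED_SCHEMES:
        raise UnsafeURL("blocked URL scheme %r" % m.group(1))
    return url


def audit(urls):
    """Return (url, reason) pairs; reason is None when the URL is accepted."""
    results = []
    for url in urls:
        try:
            check_url(url)
            results.append((url, None))
        except UnsafeURL as exc:
            results.append((url, str(exc)))
    return results


# Constructed sample inputs, not taken from the ticket.
SAMPLES = [
    "https://example.org/index.html",
    "http://example.org/a\r\nX-Constructed: 1",
    "local-file:///tmp/constructed",
    "local_file:///tmp/constructed",
]

if __name__ == "__main__":
    for url, reason in audit(SAMPLES):
        print("%-8s %r %s" % ("REJECT" if reason else "ok", url, reason or ""))
```

The check runs unchanged on Python 2.7 and Python 3; it complements the interpreter upgrade and does not replace it.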

comment:3 by Bruce Dubbs, 21 months ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 22297.
