Overview

File _patchinfo of Package patchinfo.10821

<patchinfo incident="10821">
  <issue tracker="bnc" id="1130847">VUL-1: CVE-2019-9948: python,python3,python27: support of the local_file: scheme makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs</issue>
  <issue tracker="bnc" id="1129346">VUL-0: CVE-2019-9636: python3,python27: python: Information Disclosure due to urlsplit improper NFKC normalization</issue>
  <issue tracker="cve" id="2019-9636"/>
  <issue tracker="cve" id="2019-9948"/>
  <packager>mcepl</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python</summary>
  <description>This update for python fixes the following issues:

Security issues fixed:

- CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847).
- CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places