pool/python
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add CVE-2019-18348 to changes

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=302
This commit is contained in:
Matej Cepl 2021-09-17 19:42:42 +00:00 committed by Git OBS Bridge
parent eab39a1bee
commit 40fb7b0f61
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
python-base.changes
View File

@ -76,8 +76,9 @@ Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl <mcepl@suse.com>
- Fixed line numbers and column offsets for AST nodes for calls - Fixed line numbers and column offsets for AST nodes for calls
without arguments in decorators. without arguments in decorators.
- Disallow control characters in hostnames in http.client, - Disallow control characters in hostnames in http.client,
addressing CVE-2019-18348. Such potentially malicious header addressing CVE-2019-18348 (bpo#38576, bsc#1155094). Such
injection URLs now cause a InvalidURL to be raised. potentially malicious header injection URLs now cause
InvalidURL to be raised.
- Fix urllib.urlretrieve failing on subsequent ftp transfers - Fix urllib.urlretrieve failing on subsequent ftp transfers
from the same host. from the same host.
- Fix problems identified by GCC's -Wstringop-truncation - Fix problems identified by GCC's -Wstringop-truncation