Add CVE-2019-18348 to changes

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=302
2021-09-17 19:42:42 +00:00 · 2021-09-17 19:42:42 +00:00 · 40fb7b0f61
commit 40fb7b0f61
parent eab39a1bee
1 changed files with 3 additions and 2 deletions
--- a/python-base.changes
+++ b/python-base.changes
@ -76,8 +76,9 @@ Thu Apr 23 09:17:24 UTC 2020 - Matej Cepl <mcepl@suse.com>
  - Fixed line numbers and column offsets for AST nodes for calls
    without arguments in decorators.
  - Disallow control characters in hostnames in http.client,
-    addressing CVE-2019-18348. Such potentially malicious header
-    injection URLs now cause a InvalidURL to be raised.
+    addressing CVE-2019-18348 (bpo#38576, bsc#1155094). Such
+    potentially malicious header injection URLs now cause
+    InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers
    from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation