Accepting request 717086 from home:mcepl:branches:devel:languages:python:Factory

Add CVE patch. OBS-URL: https://build.opensuse.org/request/show/717086 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=247
2019-07-19 12:54:06 +00:00
parent f532ba5ac3
commit 4a730b55c6
5 changed files with 124 additions and 0 deletions
--- a/python-base.changes
+++ b/python-base.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Fri Jul 19 13:28:16 CEST 2019 - Matej Cepl <mcepl@suse.com>
+
+- boo#1141853 (CVE-2018-20852) add
+  CVE-2018-20852-cookie-domain-check.patch fixing
+  http.cookiejar.DefaultPolicy.domain_return_ok which did not
+  correctly validate the domain: it could be tricked into sending
+  cookies to the wrong server.
+
 -------------------------------------------------------------------
 Fri Jul 19 11:19:42 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>