bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474)

CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL scheme in URLopener().open() and URLopener().retrieve() of urllib.request. Co-Authored-By: SH <push0ebp@gmail.com>
author: Victor Stinner <victor.stinner@gmail.com> 2019-05-22 20:15:01 (GMT)
committer: GitHub <noreply@github.com> 2019-05-22 20:15:01 (GMT)
commit: 0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587 (patch)
tree: d43ef81f590349a7e9d5cff0564f7b4667b43f2c /Misc/NEWS.d/next/Security
parent: 2ddbd21aec7f0e2f237a1073d3e0b313e673413f (diff)
download: cpython-0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587.zip
cpython-0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587.tar.gz
cpython-0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst b/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
new file mode 100644
index 0000000..42aca0b
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
@@ -0,0 +1,2 @@
+CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL scheme in
+``URLopener().open()`` ``URLopener().retrieve()`` of :mod:`urllib.request`.
author	Victor Stinner <victor.stinner@gmail.com>	2019-05-22 20:15:01 (GMT)
committer	GitHub <noreply@github.com>	2019-05-22 20:15:01 (GMT)
commit	0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587 (patch)
tree	d43ef81f590349a7e9d5cff0564f7b4667b43f2c /Misc/NEWS.d/next/Security
parent	2ddbd21aec7f0e2f237a1073d3e0b313e673413f (diff)
download	cpython-0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587.zip cpython-0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587.tar.gz cpython-0c2b6a3943aa7b022e8eb4bfd9bffcddebf9a587.tar.bz2