bpo-35907: Clarify the NEWS entry (GH-13523)

author: Victor Stinner <vstinner@redhat.com> 2019-05-24 20:06:32 (GMT)
committer: GitHub <noreply@github.com> 2019-05-24 20:06:32 (GMT)
commit: deffee57749cf29ba17f50f11fb2a8cbc3e3752d (patch)
tree: d22bd7ba254a33c30a63ba9c74d528d68b6d35ee /Misc
parent: 6de4574c6393b9cf8d7dfb0dc6ce53ee5b9ea841 (diff)
download: cpython-deffee57749cf29ba17f50f11fb2a8cbc3e3752d.zip
cpython-deffee57749cf29ba17f50f11fb2a8cbc3e3752d.tar.gz
cpython-deffee57749cf29ba17f50f11fb2a8cbc3e3752d.tar.bz2
1 files changed, 3 insertions, 2 deletions
diff --git a/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst b/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
index 42aca0b..9628c87 100644
--- a/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
+++ b/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
@@ -1,2 +1,3 @@
-CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL scheme in
-``URLopener().open()`` ``URLopener().retrieve()`` of :mod:`urllib.request`.
+CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
+``local_file://`` URL schemes in ``URLopener().open()``
+``URLopener().retrieve()`` of :mod:`urllib.request`.
author	Victor Stinner <vstinner@redhat.com>	2019-05-24 20:06:32 (GMT)
committer	GitHub <noreply@github.com>	2019-05-24 20:06:32 (GMT)
commit	deffee57749cf29ba17f50f11fb2a8cbc3e3752d (patch)
tree	d22bd7ba254a33c30a63ba9c74d528d68b6d35ee /Misc
parent	6de4574c6393b9cf8d7dfb0dc6ce53ee5b9ea841 (diff)
download	cpython-deffee57749cf29ba17f50f11fb2a8cbc3e3752d.zip cpython-deffee57749cf29ba17f50f11fb2a8cbc3e3752d.tar.gz cpython-deffee57749cf29ba17f50f11fb2a8cbc3e3752d.tar.bz2