From d9d1045837e5356331b6d5e24cbd1286acb62b5d Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Fri, 24 May 2019 23:28:56 +0200 Subject: bpo-35907: Clarify the NEWS entry (GH-13557) --- Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst | 3 --- Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst create mode 100644 Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst diff --git a/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst b/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst deleted file mode 100644 index 6a448ce..0000000 --- a/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst +++ /dev/null @@ -1,3 +0,0 @@ -CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL scheme in -:func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and -:meth:`urllib.URLopener.retrieve`. diff --git a/Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst b/Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst new file mode 100644 index 0000000..a42a386 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst @@ -0,0 +1,3 @@ +CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and +``local_file://`` URL schemes in :func:`urllib.urlopen`, +:meth:`urllib.URLopener.open` and :meth:`urllib.URLopener.retrieve`. -- cgit v0.12