mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-29 03:35:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

bpo-35907: Clarify the NEWS entry (GH-13523)

Browse source
This commit is contained in:
Victor Stinner 2019-05-24 22:06:32 +02:00 committed by GitHub
parent 6de4574c63
commit deffee5774
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
View file

@ -1,2 +1,3 @@
CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL scheme in
``URLopener().open()`` ``URLopener().retrieve()`` of :mod:`urllib.request`.
CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
``local_file://`` URL schemes in ``URLopener().open()``
``URLopener().retrieve()`` of :mod:`urllib.request`.