Summary: | <dev-lang/python-{2.7.17,3.5.7,3.6.9,3.7.3}: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | minor | CC: | mgorny, python |
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1688543 | |
Whiteboard: | A4 [glsa+ cve] | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 689822, 701116 | |
Bug Blocks: | | |
Description
Agostino Sarubbo
2019-03-14 08:33:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e3fcda6cbf3533091102bc3c7272d0bcf357fb9

commit 1e3fcda6cbf3533091102bc3c7272d0bcf357fb9
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2019-03-29 12:27:40 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2019-03-29 12:59:12 +0000

    dev-lang/python: Bump to 3.7.3

    Bug: https://bugs.gentoo.org/676700
    Bug: https://bugs.gentoo.org/680298
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-lang/python/Manifest | 2 +
 dev-lang/python/python-3.7.3.ebuild | 325 ++++++++++++++++++++++++++++++++++++
 2 files changed, 327 insertions(+)

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

Fixed in 2.7.17 which is not yet available in Gentoo repository.

All affected versions should be gone now.

Added to an existing GLSA.

This issue was resolved and addressed in GLSA 202003-26 at https://security.gentoo.org/glsa/202003-26 by GLSA coordinator Thomas Deutschmann (whissi).