[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-18348/python3.4: reference patch
Sylvain Beucler
beuc at debian.org
Thu Jun 25 13:42:33 BST 2020
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42e277d2 by Sylvain Beucler at 2020-06-25T14:18:39+02:00
CVE-2019-18348/python3.4: reference patch
- - - - -
56bf3153 by Sylvain Beucler at 2020-06-25T14:19:30+02:00
CVE-2016-1000110/python3.4: reference patch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40693,6 +40693,7 @@ CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17
NOTE: https://github.com/python/cpython/commit/9165addc22d05e776a54319a8531ebd0b2fe01ef (master)
NOTE: https://github.com/python/cpython/commit/ff69c9d12c1b06af58e5eae5db4630cedd94740e (3.8 branch)
NOTE: https://github.com/python/cpython/commit/34f85af3229f86c004a954c3f261ceea1f5e9f95 (3.7 branch)
+ NOTE: https://github.com/python/cpython/commit/09d8172837b6985c4ad90ee025f6b5a554a9f0ac (3.5 branch)
NOTE: https://github.com/python/cpython/commit/e176e0c105786e9f476758eb5438c57223b65e7f (v2.7.18rc1)
NOTE: https://bugs.python.org/issue38576
NOTE: Issue only exploitable if CVE-2016-10739 is unfixed in src:glibc. This is
@@ -211609,6 +211610,7 @@ CVE-2016-1000110 (The CGIHandler class in Python before 2.7.12 does not protect
- python2.7 2.7.12-2 (unimportant)
- python2.6 <removed> (unimportant)
NOTE: https://bugs.python.org/issue27568
+ NOTE: https://github.com/python/cpython/commit/436fe5a447abb69e5e5a4f453325c422af02dcaa (3.4)
NOTE: No part of Python does set HTTP_PROXY based on a Proxy: header, the Python bug
NOTE: just provides a hardening to discard HTTP_PROXY if it thinks a Python script is
NOTE: running as a CGI script
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eb73f926b89668df560cdc64098261c1c98cacac...56bf3153e793a46b2e794dc3909721538f4099a7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eb73f926b89668df560cdc64098261c1c98cacac...56bf3153e793a46b2e794dc3909721538f4099a7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200625/9b4d2d2c/attachment.html>
More information about the debian-security-tracker-commits
mailing list