[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-18348/python3.4: reference patch

Sylvain Beucler beuc at debian.org
Thu Jun 25 13:42:33 BST 2020



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
42e277d2 by Sylvain Beucler at 2020-06-25T14:18:39+02:00
CVE-2019-18348/python3.4: reference patch

- - - - -
56bf3153 by Sylvain Beucler at 2020-06-25T14:19:30+02:00
CVE-2016-1000110/python3.4: reference patch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40693,6 +40693,7 @@ CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17
 	NOTE: https://github.com/python/cpython/commit/9165addc22d05e776a54319a8531ebd0b2fe01ef (master)
 	NOTE: https://github.com/python/cpython/commit/ff69c9d12c1b06af58e5eae5db4630cedd94740e (3.8 branch)
 	NOTE: https://github.com/python/cpython/commit/34f85af3229f86c004a954c3f261ceea1f5e9f95 (3.7 branch)
+	NOTE: https://github.com/python/cpython/commit/09d8172837b6985c4ad90ee025f6b5a554a9f0ac (3.5 branch)
 	NOTE: https://github.com/python/cpython/commit/e176e0c105786e9f476758eb5438c57223b65e7f (v2.7.18rc1)
 	NOTE: https://bugs.python.org/issue38576
 	NOTE: Issue only exploitable if CVE-2016-10739 is unfixed in src:glibc. This is
@@ -211609,6 +211610,7 @@ CVE-2016-1000110 (The CGIHandler class in Python before 2.7.12 does not protect
 	- python2.7 2.7.12-2 (unimportant)
 	- python2.6 <removed> (unimportant)
 	NOTE: https://bugs.python.org/issue27568
+	NOTE: https://github.com/python/cpython/commit/436fe5a447abb69e5e5a4f453325c422af02dcaa (3.4)
 	NOTE: No part of Python does set HTTP_PROXY based on a Proxy: header, the Python bug
 	NOTE: just provides a hardening to discard HTTP_PROXY if it thinks a Python script is
 	NOTE: running as a CGI script



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eb73f926b89668df560cdc64098261c1c98cacac...56bf3153e793a46b2e794dc3909721538f4099a7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/eb73f926b89668df560cdc64098261c1c98cacac...56bf3153e793a46b2e794dc3909721538f4099a7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200625/9b4d2d2c/attachment.html>


More information about the debian-security-tracker-commits mailing list