MGASA-2019-0148

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0148.html

Import Source

https://advisories.mageia.org/MGASA-2019-0148.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2019-0148

Related

CVE-2019-9636

Published

2019-04-10T22:07:23Z

Modified

2019-04-10T21:37:07Z

Summary

Updated python packages fix security vulnerability

Details

A vulnerability was found in Python 2.x through 2.7.16. An improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization could lead to an Information Disclosure (credentials, cookies, etc. that are cached against a given hostname) in the urllib.parse.urlsplit, urllib.parse.urlparse components. A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly (CVE-2019-9636).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / python

Package

Name: python
Purl: pkg:rpm/mageia/python?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.15-1.3.mga6

Ecosystem specific

{
    "section": "core"
}