[Python-checkins] bpo-35907: Clarify the NEWS entry (GH-13557)
Victor Stinner
webhook-mailer at python.org
Fri May 24 17:29:00 EDT 2019
https://github.com/python/cpython/commit/d9d1045837e5356331b6d5e24cbd1286acb62b5d
commit: d9d1045837e5356331b6d5e24cbd1286acb62b5d
branch: 2.7
author: Victor Stinner <vstinner at redhat.com>
committer: GitHub <noreply at github.com>
date: 2019-05-24T23:28:56+02:00
summary:
bpo-35907: Clarify the NEWS entry (GH-13557)
files:
A Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst
D Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst
diff --git a/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst b/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst
deleted file mode 100644
index 6a448ce6261c..000000000000
--- a/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL scheme in
-:func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
-:meth:`urllib.URLopener.retrieve`.
diff --git a/Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst b/Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst
new file mode 100644
index 000000000000..a42a386022fa
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst
@@ -0,0 +1,3 @@
+CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
+``local_file://`` URL schemes in :func:`urllib.urlopen`,
+:meth:`urllib.URLopener.open` and :meth:`urllib.URLopener.retrieve`.
More information about the Python-checkins
mailing list