diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2019-10-20 19:39:21 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2019-10-21 08:59:48 +0200 |
| commit | 71ceb94a1412ec19af5c69ad44880ad5cd8fd643 (patch) | |
| tree | af9ec480fd862c2fe72b66f57ad1e19a239a85cc /ChangeLog.txt | |
| parent | dd05912ef1074e257322f16fb01938f2463175c7 (diff) | |
| download | current-71ceb94a1412ec19af5c69ad44880ad5cd8fd643.tar.gz current-71ceb94a1412ec19af5c69ad44880ad5cd8fd643.tar.xz | |
Sun Oct 20 19:39:21 UTC 201920191020193921
d/python-2.7.17-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Update vendorized expat library version to 2.2.8.
Disallow URL paths with embedded whitespace or control characters into the
underlying http client request. Such potentially malicious header injection
URLs now cause an httplib.InvalidURL exception to be raised.
Avoid file reading by disallowing ``local-file://`` and ``local_file://``
URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
:meth:`urllib.URLopener.retrieve`.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
(* Security fix *)
n/proftpd-1.3.6b-x86_64-1.txz: Upgraded.
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 4ad66141e..cbe53fec4 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,20 @@ +Sun Oct 20 19:39:21 UTC 2019 +d/python-2.7.17-x86_64-1.txz: Upgraded. + This update fixes bugs and security issues: + Update vendorized expat library version to 2.2.8. + Disallow URL paths with embedded whitespace or control characters into the + underlying http client request. Such potentially malicious header injection + URLs now cause an httplib.InvalidURL exception to be raised. + Avoid file reading by disallowing ``local-file://`` and ``local_file://`` + URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and + :meth:`urllib.URLopener.retrieve`. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948 + (* Security fix *) +n/proftpd-1.3.6b-x86_64-1.txz: Upgraded. ++--------------------------+ Sat Oct 19 19:04:57 UTC 2019 d/python-pip-19.3.1-x86_64-1.txz: Upgraded. l/mozilla-nss-3.47-x86_64-1.txz: Upgraded. |