diff options
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 4ad66141e..cbe53fec4 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,20 @@ +Sun Oct 20 19:39:21 UTC 2019 +d/python-2.7.17-x86_64-1.txz: Upgraded. + This update fixes bugs and security issues: + Update vendorized expat library version to 2.2.8. + Disallow URL paths with embedded whitespace or control characters into the + underlying http client request. Such potentially malicious header injection + URLs now cause an httplib.InvalidURL exception to be raised. + Avoid file reading by disallowing ``local-file://`` and ``local_file://`` + URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and + :meth:`urllib.URLopener.retrieve`. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948 + (* Security fix *) +n/proftpd-1.3.6b-x86_64-1.txz: Upgraded. ++--------------------------+ Sat Oct 19 19:04:57 UTC 2019 d/python-pip-19.3.1-x86_64-1.txz: Upgraded. l/mozilla-nss-3.47-x86_64-1.txz: Upgraded. |