[3.7] bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) by vstinner · Pull Request #13505 · python/cpython

Azure Pipelines PR #20190522.109 succeeded

Details

bedevere/issue-number Issue number 35907 found

Details

bedevere/maintenance-branch-pr Valid maintenance branch PR title.

bedevere/news News entry found in Misc/NEWS.d

continuous-integration/appveyor/pr AppVeyor build succeeded

Details

continuous-integration/travis-ci/pr The Travis CI build passed

Details

…GH-13474) (pythonGH-13505)

CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL
scheme in URLopener().open() and URLopener().retrieve()
of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
(cherry picked from commit 0c2b6a3)
(cherry picked from commit 34bab21)

…GH-13474) (pythonGH-13505)

CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL
scheme in URLopener().open() and URLopener().retrieve()
of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
(cherry picked from commit 0c2b6a3)
(cherry picked from commit 34bab21)

…GH-13474) (pythonGH-13505)

CVE-2019-9948: Avoid file reading by disallowing local-file:// and
local_file:// URL schemes in URLopener().open() and
URLopener().retrieve() of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
(cherry picked from commit 0c2b6a3)
(cherry picked from commit 34bab21)

…GH-13474) (pythonGH-13505)

CVE-2019-9948: Avoid file reading by disallowing local-file:// and
local_file:// URL schemes in URLopener().open() and
URLopener().retrieve() of urllib.request.

Co-Authored-By: SH <push0ebp@gmail.com>
(cherry picked from commit 0c2b6a3)
(cherry picked from commit 34bab21)