summaryrefslogtreecommitdiff
path: root/ChangeLog.txt
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt17
1 files changed, 17 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 4ad66141..cbe53fec 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,20 @@
+Sun Oct 20 19:39:21 UTC 2019
+d/python-2.7.17-x86_64-1.txz: Upgraded.
+ This update fixes bugs and security issues:
+ Update vendorized expat library version to 2.2.8.
+ Disallow URL paths with embedded whitespace or control characters into the
+ underlying http client request. Such potentially malicious header injection
+ URLs now cause an httplib.InvalidURL exception to be raised.
+ Avoid file reading by disallowing ``local-file://`` and ``local_file://``
+ URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
+ :meth:`urllib.URLopener.retrieve`.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
+ (* Security fix *)
+n/proftpd-1.3.6b-x86_64-1.txz: Upgraded.
++--------------------------+
Sat Oct 19 19:04:57 UTC 2019
d/python-pip-19.3.1-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.47-x86_64-1.txz: Upgraded.