CVE-2019-9636

Priority
Description
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper
Handling of Unicode Encoding (with an incorrect netloc) during NFKC
normalization. The impact is: Information disclosure (credentials, cookies,
etc. that are cached against a given hostname). The components are:
urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A
specially crafted URL could be incorrectly parsed to locate cookies or
authentication data and send that information to a different host than when
parsed correctly.
Assigned-to
mdeslaur
Package
Upstream:released (2.7.16-2)
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):pending (2.7.16-2~18.10)
Ubuntu 19.04 (Disco Dingo):not-affected (2.7.16-2)
Ubuntu 19.10 (Eoan):not-affected (2.7.16-2)
Patches:
Upstream:https://github.com/python/cpython/commit/e37ef41289b77e0f0bb9a6aedb0360664c55bdd5
Upstream:https://github.com/python/cpython/commit/507bd8cde60ced74d13a1ffa883bb9b0e73c38be
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/62d36547f97210a26cc6051da78714fd078e158c
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/c0d95113b070799679bcb9dc49d4960d82e8bb08
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):needed
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/23fc0416454c4ad5b9b23d520fbe6d89be3efc24
Package
Upstream:released (3.7.3~rc1-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.7.3~rc1-1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (3.7.3~rc1-1)
Ubuntu 19.04 (Disco Dingo):not-affected (3.7.3-2)
Ubuntu 19.10 (Eoan):not-affected (3.7.3-2)
Patches:
Upstream:https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be
More Information

Updated: 2019-05-15 17:18:21 UTC (commit 2d71aefac924bf16479c12958688c37878e881eb)