CVE-2019-9636

Priority
Description
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper
Handling of Unicode Encoding (with an incorrect netloc) during NFKC
normalization. The impact is: Information disclosure (credentials, cookies,
etc. that are cached against a given hostname). The components are:
urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A
specially crafted URL could be incorrectly parsed to locate cookies or
authentication data and send that information to a different host than when
parsed correctly.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2.7.16-2)
Ubuntu 12.04 ESM (Precise Pangolin):released (2.7.3-0ubuntu3.14)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.7.6-8ubuntu0.6+esm2)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.7.12-1ubuntu0~16.04.8)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.7.15-4ubuntu4~18.04.1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.7.16-2)
Ubuntu 19.10 (Eoan):not-affected (2.7.16-2)
Patches:
Upstream:https://github.com/python/cpython/commit/e37ef41289b77e0f0bb9a6aedb0360664c55bdd5
Upstream:https://github.com/python/cpython/commit/507bd8cde60ced74d13a1ffa883bb9b0e73c38be
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (3.4.3-1ubuntu1~14.04.7+esm2)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/62d36547f97210a26cc6051da78714fd078e158c
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (3.5.2-2ubuntu0~16.04.8)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/c0d95113b070799679bcb9dc49d4960d82e8bb08
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (3.6.8-1~18.04.2)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/23fc0416454c4ad5b9b23d520fbe6d89be3efc24
Package
Upstream:released (3.7.3~rc1-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.7.3~rc1-1)
Ubuntu 19.04 (Disco Dingo):not-affected (3.7.3-2)
Ubuntu 19.10 (Eoan):not-affected (3.7.3-2)
Patches:
Upstream:https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be
More Information

Updated: 2019-10-18 02:48:40 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)