CVE-2019-9740

Priority
Description
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib
in Python 3.x through 3.7.3. CRLF injection is possible if the attacker
controls a URL parameter, as demonstrated by the first argument to
urllib.request.urlopen with \r\n (specifically in the query string after a
? character) followed by an HTTP header or a Redis command.
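The sketch below is an added example, not code from the tracker or from the upstream patches. It shows why a raw \r\n in the URL changes what a server parses, and a pre-flight check that callers on unpatched interpreters can apply before handing a URL to urlopen. The host example.test, the sample URLs, the helper names and the rejected character class are assumptions made for illustration.

```python
import re
from urllib.parse import urlencode

# Assumption: refuse ASCII control characters, space and DEL anywhere in a URL.
DISALLOWED = re.compile(r"[\x00-\x20\x7f]")

# Constructed sample inputs (example.test is a placeholder host).
CLEAN = "http://example.test/?q=1"
TAINTED = "http://example.test/?q=1\r\nX-Constructed: 1"

def request_head(url):
    """Build a request head the way a client that does no validation would."""
    host, _, tail = url.split("://", 1)[1].partition("/")
    return "GET /%s HTTP/1.1\r\nHost: %s\r\n\r\n" % (tail, host)

def header_lines(head):
    """Lines a server parses before the blank line that ends the head."""
    return head.split("\r\n\r\n", 1)[0].split("\r\n")

def check_url(url):
    """Return url unchanged, or raise ValueError on a disallowed character."""
    match = DISALLOWED.search(url)
    if match:
        raise ValueError("disallowed character %r at offset %d"
                         % (match.group(), match.start()))
    return url

def build_url(base, params):
    """Percent-encode untrusted values so CR and LF become %0D and %0A."""
    return check_url(base + "?" + urlencode(params))

if __name__ == "__main__":
    for url in (CLEAN, TAINTED):
        count = len(header_lines(request_head(url)))
        print(count, "lines on the wire for", repr(url))
        try:
            check_url(url)
            print("  accepted")
        except ValueError as exc:
            print("  rejected:", exc)
    print(build_url("http://example.test/", {"q": "1\r\nX-Constructed: 1"}))
```

The tainted URL yields one extra line in the request head, which is the injected header. Encoding untrusted values with urlencode keeps them inside the query string.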
Assigned-to
mdeslaur
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.7.3-0ubuntu3.14)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.7.6-8ubuntu0.6+esm2)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.7.12-1ubuntu0~16.04.8)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.7.15-4ubuntu4~18.04.1)
Ubuntu 19.04 (Disco Dingo):released (2.7.16-2ubuntu0.1)
Ubuntu 19.10 (Eoan):not-affected (2.7.16-3)
Patches:
Upstream:https://github.com/python/cpython/commit/bb8071a4cae5ab3fe321481dd3d73662ffb26052
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (3.4.3-1ubuntu1~14.04.7+esm2)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):deferred ([2019-04-10])
Ubuntu 16.04 LTS (Xenial Xerus):released (3.5.2-2ubuntu0~16.04.8)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/afe3a4975cf93c97e5d6eb8800e48f368011d37a
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (3.6.8-1~18.04.2)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Patches:
Upstream:https://github.com/python/cpython/commit/c50d437e942d4c4c45c8cd76329b05340c02eb31
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):released (3.7.3-2ubuntu0.1)
Ubuntu 19.10 (Eoan):not-affected (3.7.4-2ubuntu1)
Patches:
Upstream:https://github.com/python/cpython/commit/7e200e0763f5b71c199aaf98bd5588f291585619
More Information

Updated: 2019-10-18 02:48:42 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)