CVE-2019-9948

Priority
Description
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which
makes it easier for remote attackers to bypass protection mechanisms that
blacklist file: URIs, as demonstrated by triggering a
urllib.urlopen('local_file:///etc/passwd') call.
Assigned-to
mdeslaur
Notes
Package
Upstream: released (2.7.16-2)
Ubuntu 12.04 ESM (Precise Pangolin): released (2.7.3-0ubuntu3.14)
Ubuntu 14.04 ESM (Trusty Tahr): released (2.7.6-8ubuntu0.6+esm2)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.7.12-1ubuntu0~16.04.8)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.7.15-4ubuntu4~18.04.1)
Ubuntu 19.10 (Eoan Ermine): not-affected (2.7.16-2)
Ubuntu 20.04 (Focal Fossa): not-affected (2.7.16-2)
Patches:
Upstream: https://github.com/python/cpython/commit/b15bde8058e821b383d81fcae68b335a752083ca
Upstream: https://github.com/python/cpython/commit/942c31dffbe886ff02e25a319cc3891220b8c641
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): released (3.4.3-1ubuntu1~14.04.7+esm2)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): deferred ([2019-04-10])
Ubuntu 16.04 LTS (Xenial Xerus): released (3.5.2-2ubuntu0~16.04.8)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): released (3.6.8-1~18.04.2)
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Patches:
Upstream: https://github.com/python/cpython/commit/4f06dae5d8d4400ba38d8502da620f07d4a5696e
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 19.10 (Eoan Ermine): not-affected (3.7.4~rc2-1)
Ubuntu 20.04 (Focal Fossa): not-affected (3.7.4~rc2-1)
Patches:
Upstream: https://github.com/python/cpython/commit/34bab215596671d0dec2066ae7d7450cd73f638b
More Information

Updated: 2020-01-29 19:05:18 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)