[Python-checkins] bpo-35907: Clarify the NEWS entry (GH-13558)
Victor Stinner
webhook-mailer at python.org
Fri May 24 17:29:14 EDT 2019
https://github.com/python/cpython/commit/cee4ac8135fe9cf99de4ceca52d1f53e14b69dba
commit: cee4ac8135fe9cf99de4ceca52d1f53e14b69dba
branch: 3.7
author: Victor Stinner <vstinner at redhat.com>
committer: GitHub <noreply at github.com>
date: 2019-05-24T23:29:10+02:00
summary:
bpo-35907: Clarify the NEWS entry (GH-13558)
files:
M Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
diff --git a/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst b/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
index 16adc7a94e2f..37b567a5b6f9 100644
--- a/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
+++ b/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst
@@ -1,2 +1,3 @@
-CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL scheme in
-``URLopener().open()`` and ``URLopener().retrieve()`` of :mod:`urllib.request`.
+CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
+``local_file://`` URL schemes in ``URLopener().open()`` and
+``URLopener().retrieve()`` of :mod:`urllib.request`.
More information about the Python-checkins
mailing list