ASA-201906-17 log generated external raw

[ASA-201906-17] python: information disclosure
Arch Linux Security Advisory ASA-201906-17 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-9636 Package : python Type : information disclosure Remote : Yes Link : Summary ======= The package python before version 3.7.3-1 is vulnerable to information disclosure. Resolution ========== Upgrade to 3.7.3-1. # pacman -Syu "python>=3.7.3-1" The problem has been fixed upstream in version 3.7.3. Workaround ========== None. Description =========== Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. A specially crafted URL could be incorrectly parsed by urllib.parse.urlsplit and urllib.parse.urlparse to locate cookies or authentication data and send that information to a different host than when parsed correctly. Impact ====== A remote attacker is able to use a specially crafted URL to locate and disclose cookies or authentication data. References ==========