ASA-201911-4 log original external raw

[ASA-201911-4] python2: information disclosure
Arch Linux Security Advisory ASA-201911-4 ========================================= Severity: High Date : 2019-11-03 CVE-ID : CVE-2019-9636 Package : python2 Type : information disclosure Remote : Yes Link : Summary ======= The package python2 before version 2.7.17-1 is vulnerable to information disclosure. Resolution ========== Upgrade to 2.7.17-1. # pacman -Syu "python2>=2.7.17-1" The problem has been fixed upstream in version 2.7.17. Workaround ========== None. Description =========== Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. A specially crafted URL could be incorrectly parsed by urllib.parse.urlsplit and urllib.parse.urlparse to locate cookies or authentication data and send that information to a different host than when parsed correctly. Impact ====== A remote attacker is able to craft a malicious URL and transfer private data to a different host than expected. References ==========