CVE-2019-16935

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the servertitle field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If setservertitle is called with untrusted input, arbitrary...

Fedora 30 : python2 / python2-docs (2019-0c91ce7b3c)

The remote Fedora 30 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2019-0c91ce7b3c advisory. Update legacy Python to 2.7.16. Most significant improvement is that is builds against OpenSSL 1.1.1. See upstream release announcement and changelo...

CVE-2019-9740

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

CVE-2019-9636

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure credentials, cookies, etc. that are cached against a given hostname. The components are:...

[slackware-security] python

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/python-2.7.16-i586-1slack14.2.txz: Upgraded. Updated to the latest 2.7.x release, which fixes a few security issues. For...