{"id":"MGASA-2019-0148","summary":"Updated python packages fix security vulnerability","details":"A vulnerability was found in Python 2.x through 2.7.16. An improper\nHandling of Unicode Encoding (with an incorrect netloc) during NFKC\nnormalization could lead to an Information Disclosure (credentials,\ncookies, etc. that are cached against a given hostname) in the\nurllib.parse.urlsplit, urllib.parse.urlparse components. A specially\ncrafted URL could be incorrectly parsed to locate cookies or\nauthentication data and send that information to a different host than\nwhen parsed correctly (CVE-2019-9636).\n","modified":"2026-04-16T00:09:22.848374507Z","published":"2019-04-10T22:07:23Z","upstream":["CVE-2019-9636"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0148.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24640"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2019:0710"}],"affected":[{"package":{"name":"python","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/python?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.15-1.3.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0148.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}