From 07615ad959d07e47aed35fe00e8da86fdbee03a5 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Fri, 24 May 2019 22:12:11 +0200 Subject: [PATCH] bpo-35907: Clarify the NEWS entry --- .../next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst b/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst index 16adc7a94e2f5f..37b567a5b6f93b 100644 --- a/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst +++ b/Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst @@ -1,2 +1,3 @@ -CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL scheme in -``URLopener().open()`` and ``URLopener().retrieve()`` of :mod:`urllib.request`. +CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and +``local_file://`` URL schemes in ``URLopener().open()`` and +``URLopener().retrieve()`` of :mod:`urllib.request`.