CVE-2019-9636 SNYK-DEBIAN8-PYTHON27-340042

## NVD Description
**_Note:_** _Versions mentioned in the description apply only to the upstream `python2.7` package and not the `python2.7` package as distributed by `Debian`._
_See `How to fix?` for `Debian:8` relevant fixed versions and status._

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
## Remediation
Upgrade `Debian:8` `python2.7` to version 2.7.9-2+deb8u3 or higher.
## References
- [https://security-tracker.debian.org/tracker/CVE-2019-9636](https://security-tracker.debian.org/tracker/CVE-2019-9636)
- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/)
- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/)
- [https://security.gentoo.org/glsa/202003-26](https://security.gentoo.org/glsa/202003-26)
- [https://github.com/python/cpython/pull/12201](https://github.com/python/cpython/pull/12201)
- [https://bugs.python.org/issue36216](https://bugs.python.org/issue36216)
- [https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html](https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html)
- [https://www.oracle.com/security-alerts/cpujan2020.html](https://www.oracle.com/security-alerts/cpujan2020.html)
- [https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html](https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html)
- [https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html](https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html)
- [https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html](https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html)
- [https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html](https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html)
- [https://security.netapp.com/advisory/ntap-20190517-0001/](https://security.netapp.com/advisory/ntap-20190517-0001/)
- [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html)
- [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html)
- [http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html](http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html)
- [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html)
- [https://access.redhat.com/errata/RHBA-2019:0763](https://access.redhat.com/errata/RHBA-2019:0763)
- [https://access.redhat.com/errata/RHBA-2019:0764](https://access.redhat.com/errata/RHBA-2019:0764)
- [https://access.redhat.com/errata/RHBA-2019:0959](https://access.redhat.com/errata/RHBA-2019:0959)
- [https://access.redhat.com/errata/RHSA-2019:2980](https://access.redhat.com/errata/RHSA-2019:2980)
- [https://access.redhat.com/errata/RHSA-2019:3170](https://access.redhat.com/errata/RHSA-2019:3170)
- [https://access.redhat.com/errata/RHSA-2019:0710](https://access.redhat.com/errata/RHSA-2019:0710)
- [https://access.redhat.com/errata/RHSA-2019:0765](https://access.redhat.com/errata/RHSA-2019:0765)
- [https://access.redhat.com/errata/RHSA-2019:0806](https://access.redhat.com/errata/RHSA-2019:0806)
- [https://access.redhat.com/errata/RHSA-2019:0902](https://access.redhat.com/errata/RHSA-2019:0902)
- [https://access.redhat.com/errata/RHSA-2019:0981](https://access.redhat.com/errata/RHSA-2019:0981)
- [https://access.redhat.com/errata/RHSA-2019:0997](https://access.redhat.com/errata/RHSA-2019:0997)
- [https://access.redhat.com/errata/RHSA-2019:1467](https://access.redhat.com/errata/RHSA-2019:1467)
- [http://www.securityfocus.com/bid/107400](http://www.securityfocus.com/bid/107400)
- [http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html](http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html)
- [http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html](http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html)
- [https://usn.ubuntu.com/4127-1/](https://usn.ubuntu.com/4127-1/)
- [https://usn.ubuntu.com/4127-2/](https://usn.ubuntu.com/4127-2/)
- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9636](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9636)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/)
- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/)
- [https://www.oracle.com/security-alerts/cpujul2022.html](https://www.oracle.com/security-alerts/cpujul2022.html)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2019-9636 SNYK-DEBIAN8-PYTHON27-340042 #2384

NVD Description

Remediation

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

CVE-2019-9636 SNYK-DEBIAN8-PYTHON27-340042 #2384

Description

NVD Description

Remediation

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.