bpo-35907: Clarify the NEWS entry (GH-13523)
authorVictor Stinner <vstinner@redhat.com>
Fri, 24 May 2019 20:06:32 +0000 (22:06 +0200)
committerGitHub <noreply@github.com>
Fri, 24 May 2019 20:06:32 +0000 (22:06 +0200)
Misc/NEWS.d/next/Security/2019-05-21-23-20-18.bpo-35907.NC_zNK.rst

index 42aca0bbd1b7f17cb61ceed4a0c25191da068b7e..9628c8797572ebdbc02638f4f5f617cd1280fc3b 100644 (file)
@@ -1,2 +1,3 @@
-CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL scheme in
-``URLopener().open()`` ``URLopener().retrieve()`` of :mod:`urllib.request`.
+CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
+``local_file://`` URL schemes in ``URLopener().open()``
+``URLopener().retrieve()`` of :mod:`urllib.request`.