bpo-35907: Clarify the NEWS entry (GH-13557)

author Victor Stinner <vstinner@redhat.com>

Fri, 24 May 2019 21:28:56 +0000 (23:28 +0200)

committer GitHub <noreply@github.com>

Fri, 24 May 2019 21:28:56 +0000 (23:28 +0200)
author Victor Stinner <vstinner@redhat.com>
Fri, 24 May 2019 21:28:56 +0000 (23:28 +0200)
committer GitHub <noreply@github.com>
Fri, 24 May 2019 21:28:56 +0000 (23:28 +0200)
diff --git a/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst b/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst

deleted file mode 100644 (file)

index 6a448ce..0000000
--- a/Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst
+++ /dev/null
@@ -1,3 +0,0 @@
-CVE-2019-9948: Avoid file reading as disallowing the unnecessary URL scheme in
-:func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
-:meth:`urllib.URLopener.retrieve`.
diff --git a/Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst b/Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst

new file mode 100644 (file)

index 0000000..a42a386
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst
@@ -0,0 +1,3 @@
+CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
+``local_file://`` URL schemes in :func:`urllib.urlopen`,
+:meth:`urllib.URLopener.open` and :meth:`urllib.URLopener.retrieve`.
author	Victor Stinner <vstinner@redhat.com>
	Fri, 24 May 2019 21:28:56 +0000 (23:28 +0200)
committer	GitHub <noreply@github.com>
	Fri, 24 May 2019 21:28:56 +0000 (23:28 +0200)
Misc/NEWS.d/next/Library/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst	[deleted file]	patch \| blob \| blame \| history
Misc/NEWS.d/next/Security/2019-02-13-17-21-10.bpo-35907.ckk2zg.rst	[new file with mode: 0644]	patch \| blob