Publishing details

• Removed from disk on 2020-10-06.
• Removal requested on 2020-10-06.
• Superseded on 2020-10-05 by python-urllib3 - 1.13.1-2ubuntu0.16.04.4
• Published on 2019-05-21
• Copied from ubuntu xenial in PPA for Ubuntu Security Proposed by Ubuntu Archive Robot

Changelog

python-urllib3 (1.13.1-2ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: credential disclosure via cross-origin redirect
    - debian/patches/CVE-2018-20060-*.patch: backport logic to strip
      Authorization header when following a cross-origin redirect.
    - CVE-2018-20060
  * SECURITY UPDATE: CRLF injection issue
    - debian/patches/CVE-2019-11236-1.patch: check for control chars in URL
      in urllib3/connection.py, urllib3/contrib/pyopenssl.py,
      urllib3/util/url.py, test/test_util.py.
    - debian/patches/CVE-2019-11236-2.patch: percent-encode invalid target
      characters in urllib3/util/url.py, test/test_util.py.
    - debian/patches/CVE-2019-11236-3.patch: don't use embedded python-six
      in urllib3/util/url.py.
    - CVE-2019-11236

 -- Marc Deslauriers <email address hidden>  Mon, 13 May 2019 15:26:05 -0400

Builds

• amd64

Package files

• python-urllib3_1.13.1-2ubuntu0.16.04.3.debian.tar.xz (18.6 KiB)
• python-urllib3_1.13.1-2ubuntu0.16.04.3.dsc (2.4 KiB)
• python-urllib3_1.13.1-2ubuntu0.16.04.3_all.deb (57.0 KiB)
• python-urllib3_1.13.1.orig.tar.gz (152.6 KiB)
• python3-urllib3_1.13.1-2ubuntu0.16.04.3_all.deb (57.1 KiB)