python-urllib3 2.0.7-2ubuntu0.1 source package in Ubuntu

Changelog

python-urllib3 (2.0.7-2ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: The Proxy-Authorization header is not correctly stripped
    when redirecting to a different host.
    - debian/patches/CVE-2024-37891.patch: Add "Proxy-Authorization" to
      DEFAULT_REMOVE_HEADERS_ON_REDIRECT in src/urllib3/util/retry.py. Add
      header to tests.
    - CVE-2024-37891

 -- Hlib Korzhynskyy <email address hidden>  Wed, 16 Oct 2024 11:19:37 -0230

Upload details

Uploaded by:
Hlib Korzhynskyy
Uploaded to:
Oracular
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Plucky release main python
Oracular updates main python
Oracular security main python

Builds

Oracular: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
python-urllib3_2.0.7.orig.tar.gz 275.9 KiB c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84
python-urllib3_2.0.7-2ubuntu0.1.debian.tar.xz 11.8 KiB bf19cec54def421c654ade4e66ea5343f977cb2e63e914cd839f45a486057878
python-urllib3_2.0.7-2ubuntu0.1.dsc 2.7 KiB 4d54b90feef80a011826a3635cc8df2fdd8444b1ca81d64e755b3967ea348c5a

View changes file

Binary packages built by this source

python3-urllib3: HTTP library with thread-safe connection pooling for Python3

 urllib3 supports features left out of urllib and urllib2 libraries.
 .
   - Re-use the same socket connection for multiple requests (HTTPConnectionPool
     and HTTPSConnectionPool) (with optional client-side certificate
     verification).
   - File posting (encode_multipart_formdata).
   - Built-in redirection and retries (optional).
   - Supports gzip and deflate decoding.
   - Thread-safe and sanity-safe.
   - Small and easy to understand codebase perfect for extending and
     building upon.
 .
 This package contains the Python 3 version of the library.