Publishing details
Changelog
python-urllib3 (1.25.11-1~20.04.sav1) focal; urgency=medium
* SECURITY UPDATE: http cookie leakage via http redirect
- debian/patches/CVE-2023-43804.patch: removes the cookie from the
http request when it is redirected to a different origin.
- CVE-2023-43804
* SECURITY UPDATE: http body leakage via http redirect
- debian/patches/CVE-2023-45803.patch: removes the body from the
http request when it is redirected to a different origin and the
http verb is changed to GET.
- CVE-2023-45803
[ thanks to Jorge Sancho Larraz <email address hidden> ]
* SECURITY UPDATE: DoS via URL regex backtracking
- debian/patches/CVE-2021-33503.patch: improve performance of
sub-authority splitting in URL in src/urllib3/util/url.py,
test/test_util.py.
- CVE-2021-33503
[ thanks to Marc Deslauriers <email address hidden> ]
-- Rob Savoury <email address hidden> Fri, 10 Nov 2023 16:13:57 -0800
Builds
Built packages
-
python3-urllib3
HTTP library with thread-safe connection pooling for Python3
Package files