Format: 1.8
Date: Mon, 13 May 2019 14:27:58 -0400
Source: python-urllib3
Binary: python-urllib3 python3-urllib3
Architecture: all
Version: 1.22-1ubuntu0.18.04.1
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-022.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 python-urllib3 - HTTP library with thread-safe connection pooling for Python
 python3-urllib3 - HTTP library with thread-safe connection pooling for Python3
Changes:
 python-urllib3 (1.22-1ubuntu0.18.04.1) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: credential disclosure via cross-origin redirect
     - debian/patches/CVE-2018-20060-*.patch: backport logic to strip
       Authorization header when following a cross-origin redirect.
     - CVE-2018-20060
   * SECURITY UPDATE: CRLF injection issue
     - debian/patches/CVE-2019-11236-1.patch: check for control chars in URL
       in urllib3/connection.py, urllib3/connectionpool.py,
       urllib3/contrib/pyopenssl.py, urllib3/contrib/socks.py,
       urllib3/util/url.py, test/test_util.py.
     - debian/patches/CVE-2019-11236-2.patch: percent-encode invalid target
       characters in urllib3/util/url.py, test/test_util.py.
     - debian/patches/CVE-2019-11236-3.patch: don't use embedded python-six
       in urllib3/util/url.py.
     - CVE-2019-11236
   * SECURITY UPDATE: CA cert mishandling
     - debian/patches/CVE-2019-11324.patch: don't load system certificates
       by default when any other CA cert parameters are specified in
       urllib3/util/ssl_.py.
     - CVE-2019-11324
   * debian/patches/fix_cert_error.patch: fix failing test.
Checksums-Sha1:
 402612e8f9137c5b6cb228a1fbd34fdff68b7f4a 85892 python-urllib3_1.22-1ubuntu0.18.04.1_all.deb
 e0b2ff8d70778208c000f14e70f567d43f08c78f 7154 python-urllib3_1.22-1ubuntu0.18.04.1_amd64.buildinfo
 69694b14ec4869820b870a6bc712412029dbdd10 85992 python3-urllib3_1.22-1ubuntu0.18.04.1_all.deb
Checksums-Sha256:
 cc12d6c983b69b191994e51500e17bf86bf0a06e0a04b65eed175739fccf550f 85892 python-urllib3_1.22-1ubuntu0.18.04.1_all.deb
 41b3346dbcee881568c1c69cdeeaf8f9d836c32aa6419f727fd7b67f9242b968 7154 python-urllib3_1.22-1ubuntu0.18.04.1_amd64.buildinfo
 c3d9dd2f2fd27b98420ef2d20622675098f29bdb2a863a2367f59c3d6e316700 85992 python3-urllib3_1.22-1ubuntu0.18.04.1_all.deb
Files:
 75faee51b7355a8cfab5638ab789ec8c 85892 python optional python-urllib3_1.22-1ubuntu0.18.04.1_all.deb
 f2604b6090f1dda2879f01667ed2c4d2 7154 python optional python-urllib3_1.22-1ubuntu0.18.04.1_amd64.buildinfo
 c24c548cd0386ba85c41e21000c02acc 85992 python optional python3-urllib3_1.22-1ubuntu0.18.04.1_all.deb
Original-Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>