Publishing details

Published on 2023-11-07
Copied from ubuntu focal in PPA for Ubuntu Security Proposed by Jorge Sancho Larraz

Changelog

python-urllib3 (1.25.8-2ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: http cookie leakage via http redirect
    - debian/patches/CVE-2023-43804.patch: removes the cookie from the
      http request when it is redirected to a different origin.
    - CVE-2023-43804
  * SECURITY UPDATE: http body leakage via http redirect
    - debian/patches/CVE-2023-45803.patch: removes the body from the
      http request when it is redirected to a different origin and the
      http verb is changed to GET.
    - CVE-2023-45803

 -- Jorge Sancho Larraz <email address hidden>  Tue, 24 Oct 2023 21:57:53 +0200

Available diffs

diff from 1.25.8-2ubuntu0.2 to 1.25.8-2ubuntu0.3 (3.5 KiB)

Builds

amd64

Built packages

python3-urllib3 HTTP library with thread-safe connection pooling for Python3

Package files

python-urllib3_1.25.8-2ubuntu0.3.debian.tar.xz (15.5 KiB)
python-urllib3_1.25.8-2ubuntu0.3.dsc (2.3 KiB)
python-urllib3_1.25.8.orig.tar.gz (255.0 KiB)
python3-urllib3_1.25.8-2ubuntu0.3_all.deb (86.7 KiB)