Forum: Too Lazy BBS

Who's Online

System Info

Sysop:	Amessyroom
Location:	Fayetteville, NC
Users:	43
Nodes:	6 (0 / 6)
Uptime:	100:16:40
Calls:	290
Files:	905
Messages:	76,507

Bug#1091087: bookworm-pu: package python-urllib3/1.26.12-1+deb12u1

From Adam D. Barratt@21:1/5 to Guilhem Moulin on Thu Jan 2 21:50:02 2025

XPost: linux.debian.devel.release

Control: tags -1 + confirmed

On Sun, 2024-12-22 at 15:20 +0100, Guilhem Moulin wrote:

Fix 3 no-dsa vulnerabilities (CVE-2023-43804, CVE-2023-45803 and CVE-2024-37891) and a bug where urllib3.util.ssltransport fails to
load
(#1089507).

Please go ahead.

Regards,

Adam

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Adam D Barratt@21:1/5 to All on Fri Jan 3 19:40:03 2025

XPost: linux.debian.devel.release

package release.debian.org
tags 1091087 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: python-urllib3
Version: 1.26.12-1+deb12u1

Explanation: fix possible information leak during cross-origin redirects [CVE-2023-43804]; fix "request body not stripped after redirect from 303 status changes request method to GET" [CVE-2023-45803]; fix "Proxy-Authorization request header isn't
stripped during cross-origin redirects" [CVE-2024-37891]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)