[Buildroot] [git commit branch/2019.05.x] package/python3-urllib: security bump to version 1.24.3
Peter Korsgaard
peter at korsgaard.com
Wed Aug 28 15:15:18 UTC 2019
commit: https://git.buildroot.net/buildroot/commit/?id=eed54b125e5a710d0014ce35186854bad53dc82b
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2019.05.x
Fixes the following security vulnerability:
CVE-2019-9740: An issue was discovered in urllib2 in Python 2.x through
2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible
if the attacker controls a url parameter, as demonstrated by the first
argument to urllib.request.urlopen with \r\n (specifically in the query
string after a ? character) followed by an HTTP header or a Redis command.
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/python-urllib3/python-urllib3.hash | 4 ++--
package/python-urllib3/python-urllib3.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python-urllib3/python-urllib3.hash b/package/python-urllib3/python-urllib3.hash
index ec075cb4f6..b3f9038918 100644
--- a/package/python-urllib3/python-urllib3.hash
+++ b/package/python-urllib3/python-urllib3.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/urllib3/json
-md5 20bb5a170a534bd0acd98bfc007fcc22 urllib3-1.24.2.tar.gz
-sha256 9a247273df709c4fedb38c711e44292304f73f39ab01beda9f6b9fc375669ac3 urllib3-1.24.2.tar.gz
+md5 1efcddca675b80f3ac110439921fc66b urllib3-1.24.3.tar.gz
+sha256 2393a695cd12afedd0dcb26fe5d50d0cf248e5a66f75dbd89a3d4eb333a61af4 urllib3-1.24.3.tar.gz
# Locally computed sha256 checksums
sha256 11db569430ca5ad793f1399297b8df5041a22137abaf90642ea71da21d59121c LICENSE.txt
diff --git a/package/python-urllib3/python-urllib3.mk b/package/python-urllib3/python-urllib3.mk
index 893d32d976..309e18f10f 100644
--- a/package/python-urllib3/python-urllib3.mk
+++ b/package/python-urllib3/python-urllib3.mk
@@ -4,9 +4,9 @@
#
################################################################################
-PYTHON_URLLIB3_VERSION = 1.24.2
+PYTHON_URLLIB3_VERSION = 1.24.3
PYTHON_URLLIB3_SOURCE = urllib3-$(PYTHON_URLLIB3_VERSION).tar.gz
-PYTHON_URLLIB3_SITE = https://files.pythonhosted.org/packages/fd/fa/b21f4f03176463a6cccdb612a5ff71b927e5224e83483012747c12fc5d62
+PYTHON_URLLIB3_SITE = https://files.pythonhosted.org/packages/8a/3c/1bb7ef6c435dea026f06ed9f3ba16aa93f9f4f5d3857a51a35dfa00882f1
PYTHON_URLLIB3_LICENSE = MIT
PYTHON_URLLIB3_LICENSE_FILES = LICENSE.txt
PYTHON_URLLIB3_SETUP_TYPE = setuptools
More information about the buildroot
mailing list