[Buildroot] [PATCH 1/1] package/python-urllib3: security bump to version 1.26.6

Peter Korsgaard peter at korsgaard.com
Tue Aug 3 14:24:01 UTC 2021


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Fix CVE-2021-33503: An issue was discovered in urllib3 before 1.26.5.
 > When provided with a URL containing many @ characters in the authority
 > component, the authority regular expression exhibits catastrophic
 > backtracking, causing a denial of service if a URL were passed as a
 > parameter or redirected to via an HTTP redirect.

 > https://github.com/urllib3/urllib3/blob/1.26.6/CHANGES.rst

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2021.02.x and 2021.05.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list