[Buildroot] [PATCH 1/1] package/python-urllib3: security bump to version 1.26.6
Peter Korsgaard
peter at korsgaard.com
Tue Aug 3 14:24:01 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fix CVE-2021-33503: An issue was discovered in urllib3 before 1.26.5.
> When provided with a URL containing many @ characters in the authority
> component, the authority regular expression exhibits catastrophic
> backtracking, causing a denial of service if a URL were passed as a
> parameter or redirected to via an HTTP redirect.
> https://github.com/urllib3/urllib3/blob/1.26.6/CHANGES.rst
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2021.02.x and 2021.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list