© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Hi Paavaanan,
If you take a look at the top of that CVE page you will see the following note:
"the python-pip package bundles requests binaries when built.
After updating requests, a no-change rebuild of python-pip is
required."
To summarize, the issue is in requests source package, and whenever we patch it, we just need to make
a rebuild of python-pip so it uses the new patched requests. There is no patching needed directly in python-pip, and that's why you don't see a patch there.
Does that answer your doubt?