If you take a look at the top of that CVE page you will see the following note:
"the python-pip package bundles requests binaries when built.
After updating requests, a no-change rebuild of python-pip is
required."
To summarize, the issue is in requests source package, and whenever we patch it, we just need to make
a rebuild of python-pip so it uses the new patched requests. There is no patching needed directly in python-pip, and that's why you don't see a patch there.
Hi Paavaanan,
If you take a look at the top of that CVE page you will see the following note:
"the python-pip package bundles requests binaries when built.
After updating requests, a no-change rebuild of python-pip is
required."
To summarize, the issue is in requests source package, and whenever we patch it, we just need to make
a rebuild of python-pip so it uses the new patched requests. There is no patching needed directly in python-pip, and that's why you don't see a patch there.
Does that answer your doubt?