Ubuntu
python-urllib3 package

python-urllib3 1.22-1ubuntu0.18.04.1 source package in Ubuntu

Changelog

python-urllib3 (1.22-1ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: credential disclosure via cross-origin redirect
    - debian/patches/CVE-2018-20060-*.patch: backport logic to strip
      Authorization header when following a cross-origin redirect.
    - CVE-2018-20060
  * SECURITY UPDATE: CRLF injection issue
    - debian/patches/CVE-2019-11236-1.patch: check for control chars in URL
      in urllib3/connection.py, urllib3/connectionpool.py,
      urllib3/contrib/pyopenssl.py, urllib3/contrib/socks.py,
      urllib3/util/url.py, test/test_util.py.
    - debian/patches/CVE-2019-11236-2.patch: percent-encode invalid target
      characters in urllib3/util/url.py, test/test_util.py.
    - debian/patches/CVE-2019-11236-3.patch: don't use embedded python-six
      in urllib3/util/url.py.
    - CVE-2019-11236
  * SECURITY UPDATE: CA cert mishandling
    - debian/patches/CVE-2019-11324.patch: don't load system certificates
      by default when any other CA cert parameters are specified in
      urllib3/util/ssl_.py.
    - CVE-2019-11324
  * debian/patches/fix_cert_error.patch: fix failing test.

 -- Marc Deslauriers <email address hidden>  Mon, 13 May 2019 14:27:58 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Bionic: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
python-urllib3_1.22.orig.tar.gz 220.8 KiB cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f
python-urllib3_1.22.orig.tar.gz.asc 801 bytes b80e563a665dd9d3a3d4caabc0b4436227ff7b2631ab8b7e616ad953818d898c
python-urllib3_1.22-1ubuntu0.18.04.1.debian.tar.xz 34.1 KiB 37ab7811f2615a40eee1a0eb8a6fa0a9db009d27431e03e64d083048c363e7a8
python-urllib3_1.22-1ubuntu0.18.04.1.dsc 2.8 KiB ffb40e398748617fa3aedf7a375d9f3cd88770540af308305dbad48a40166201

View changes file

Binary packages built by this source

python-urllib3: HTTP library with thread-safe connection pooling for Python

 urllib3 supports features left out of urllib and urllib2 libraries.
 .
   - Re-use the same socket connection for multiple requests (HTTPConnectionPool
     and HTTPSConnectionPool) (with optional client-side certificate
     verification).
   - File posting (encode_multipart_formdata).
   - Built-in redirection and retries (optional).
   - Supports gzip and deflate decoding.
   - Thread-safe and sanity-safe.
   - Small and easy to understand codebase perfect for extending and
     building upon.

python3-urllib3: HTTP library with thread-safe connection pooling for Python3

 urllib3 supports features left out of urllib and urllib2 libraries.
 .
   - Re-use the same socket connection for multiple requests (HTTPConnectionPool
     and HTTPSConnectionPool) (with optional client-side certificate
     verification).
   - File posting (encode_multipart_formdata).
   - Built-in redirection and retries (optional).
   - Supports gzip and deflate decoding.
   - Thread-safe and sanity-safe.
   - Small and easy to understand codebase perfect for extending and
     building upon.
 .
 This package contains the Python 3 version of the library.