[Git][security-tracker-team/security-tracker][master] Add CVE-2021-28363/python-urllib3
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 15 20:40:50 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ebbed27 by Salvatore Bonaccorso at 2021-03-15T21:40:28+01:00
Add CVE-2021-28363/python-urllib3
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -240,7 +240,12 @@ CVE-2021-28365
CVE-2021-28364
RESERVED
CVE-2021-28363 (The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ...)
- TODO: check
+ - python-urllib3 <unfixed>
+ [buster] - python-urllib3 <not-affected> (Vulnerable code introduced later)
+ [stretch] - python-urllib3 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
+ NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 (1.26.4)
+ NOTE: Support for HTTPS request via HTTPS proxies only introduced in 1.26.0.
CVE-2021-28362
RESERVED
CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit (SPDK) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ebbed2707d522372ec5965a71b1891d12856666
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ebbed2707d522372ec5965a71b1891d12856666
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210315/21cf1634/attachment.htm>
More information about the debian-security-tracker-commits
mailing list