[Git][security-tracker-team/security-tracker][master] CVE-2021-41945/httpx unfixed
Neil Williams (@codehelp)
codehelp at debian.org
Fri Apr 29 08:23:22 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f35707d by Neil Williams at 2022-04-29T08:18:29+01:00
CVE-2021-41945/httpx unfixed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39157,7 +39157,12 @@ CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in th
CVE-2021-41946
RESERVED
CVE-2021-41945 (Encode OSS httpx <=1.0.0.beta0 is affected by improper input valida ...)
- TODO: check
+ - httpx <unfixed>
+ NOTE: https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
+ NOTE: https://github.com/encode/httpx/discussions/1831
+ NOTE: https://github.com/encode/httpx/issues/2184
+ NOTE: affected code has moved upstream, from _models.py to a new file, _urls.py
+ NOTE: https://sources.debian.org/src/httpx/0.22.0-2/httpx/_models.py/?hl=537#L537
CVE-2021-41944
RESERVED
CVE-2021-41943
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f35707d159e06d37fe81ea9c47064b004f498d7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f35707d159e06d37fe81ea9c47064b004f498d7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220429/69507a67/attachment.htm>
More information about the debian-security-tracker-commits
mailing list