[Git][security-tracker-team/security-tracker][master] CVE-2021-33503/python-urllib3: Versions <1.25.4 are unaffected.

Guilhem Moulin (@guilhem) guilhem at debian.org
Sat Oct 7 17:50:43 BST 2023



Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
505f879c by Guilhem Moulin at 2023-10-07T18:49:49+02:00
CVE-2021-33503/python-urllib3: Versions <1.25.4 are unaffected.

Per upstream advisory at https://github.com/advisories/GHSA-q2q7-5pp4-w6pg .
Likely introduced in https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f .

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -165855,8 +165855,8 @@ CVE-2021-33504 (Couchbase Server before 7.1.0 has Incorrect Access Control.)
 	NOT-FOR-US: Couchbase Server
 CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...)
 	- python-urllib3 1.26.5-1~exp1 (bug #989848)
-	[buster] - python-urllib3 <no-dsa> (Minor issue)
-	[stretch] - python-urllib3 <ignored> (Intrusive to backport)
+	[buster] - python-urllib3 <not-affected> (Vulnerable code introduced later)
+	[stretch] - python-urllib3 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
 	NOTE: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
 CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...)
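
Review bot: The new `<not-affected>` entries for [buster] and [stretch] give "Vulnerable code introduced later" as the reason, but the NOTE lines under CVE-2021-33503 still list only the advisory and the fix commit, so the evidence for that reason lives only in the commit message. Consider adding a NOTE to the entry that records the introducing commit named there (https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f) together with the 1.25.4 boundary, keeping the "likely" qualifier, so that anyone re-triaging these suites from data/CVE/list can check the claim without going back through the git history.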



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/505f879cccf65c19953e8542097be5f0f832a288


