[Git][security-tracker-team/security-tracker][master] Add CVE-2026-21441/python-urllib3

Thu Jan 8 09:51:19 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
525d51b0 by Salvatore Bonaccorso at 2026-01-08T10:50:39+01:00
Add CVE-2026-21441/python-urllib3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,7 +97,9 @@ CVE-2026-21682 (iccDEV provides a set of libraries and tools that allow for the
 CVE-2026-21681 (iccDEV provides a set of libraries and tools that allow for the intera ...)
 	NOT-FOR-US: iccDEV
 CVE-2026-21441 (urllib3 is an HTTP client library for Python. urllib3's streaming API  ...)
-	TODO: check
+	- python-urllib3 <unfixed>
+	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99
+	NOTE: https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b (2.6.3)
 CVE-2026-21427 (The installers for multiple products provided by PIONEER CORPORATION c ...)
 	NOT-FOR-US: Pioneer
 CVE-2026-0707 (A flaw was found in Keycloak. The Keycloak Authorization header parser ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/525d51b079a2e34df2e9fd817647e4cff5688a81

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/525d51b079a2e34df2e9fd817647e4cff5688a81
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260108/3d0e42d2/attachment-0001.htm>
