[Git][security-tracker-team/security-tracker][master] CVE-2026-21441/python-urllib3: Add link to commit which introduced the issue
Guilhem Moulin (@guilhem)
guilhem at debian.org
Fri Jan 23 09:04:28 GMT 2026
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1405f658 by Guilhem Moulin at 2026-01-23T10:04:18+01:00
CVE-2026-21441/python-urllib3: Add link to commit which introduced the issue
Prior to version 1.22 the connection was neither drained nor released
before recursing on retry/redirect.
https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#122-2017-07-20
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6183,6 +6183,7 @@ CVE-2026-21441 (urllib3 is an HTTP client library for Python. urllib3's streamin
- python-urllib3 2.5.0-2 (bug #1125062)
NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99
NOTE: https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b (2.6.3)
+ NOTE: Introduced in https://github.com/urllib3/urllib3/commit/7960512291072d707961287fe050a6817d783f57 (1.22)
CVE-2026-21427 (The installers for multiple products provided by PIONEER CORPORATION c ...)
NOT-FOR-US: Pioneer
CVE-2026-0707 (A flaw was found in Keycloak. The Keycloak Authorization header parser ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1405f65803f7865bbd8556f703e20825ad0bcf73
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1405f65803f7865bbd8556f703e20825ad0bcf73
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260123/ec450590/attachment.htm>
More information about the debian-security-tracker-commits
mailing list