[Python-modules-team] Bug#927172: python-urllib3: CVE-2019-11236

Daniele Tricoli eriol at debian.org
Mon Apr 15 23:46:40 BST 2019

Hello Salvatore,
many thanks for this report!

On 15/04/2019 22:35, Salvatore Bonaccorso wrote:
> Source: python-urllib3
> Version: 1.24.1-1
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/urllib3/urllib3/issues/1553
> Hi,
> The following vulnerability was published for python-urllib3.
I looked at both[¹][²] PRs identified by upstream that fix the issue, they both
use src:python-rfc3986 that is already packaged so it should not hard to have
this fixed.
I will keep an eye on this, upstream should make a release soon.


[¹] https://github.com/urllib3/urllib3/pull/1487
[²] https://github.com/urllib3/urllib3/pull/1531

  Daniele Tricoli 'eriol'

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/python-modules-team/attachments/20190416/344707c0/attachment.sig>

More information about the Python-modules-team mailing list