[Python-modules-team] Bug#927172: python-urllib3: CVE-2019-11236
Daniele Tricoli
eriol at debian.org
Mon Apr 15 23:46:40 BST 2019
Hello Salvatore,
many thanks for this report!
On 15/04/2019 22:35, Salvatore Bonaccorso wrote:
> Source: python-urllib3
> Version: 1.24.1-1
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/urllib3/urllib3/issues/1553
>
> Hi,
>
> The following vulnerability was published for python-urllib3.
I looked at both[¹][²] PRs identified by upstream that fix the issue, they both
use src:python-rfc3986 that is already packaged so it should not hard to have
this fixed.
I will keep an eye on this, upstream should make a release soon.
Cheers,
[¹] https://github.com/urllib3/urllib3/pull/1487
[²] https://github.com/urllib3/urllib3/pull/1531
--
Daniele Tricoli 'eriol'
https://mornie.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/python-modules-team/attachments/20190416/344707c0/attachment.sig>
More information about the Python-modules-team
mailing list