Univention Bugzilla – Bug 53467
python-urllib3: Multiple issues (4.4)
Last modified: 2021-06-23 16:21:40 CEST
New Debian python-urllib3 1.19.1-1+deb9u1 fixes:

This update addresses the following issues:
* Cross-host redirect does not remove Authorization header, allowing for credential exposure (CVE-2018-20060)
* CRLF injection due to not encoding the '\r\n' sequence, leading to possible attack on internal service (CVE-2019-11236)
* Certification mishandle when error should be thrown (CVE-2019-11324)
* CRLF injection via HTTP request method (CVE-2020-26137)
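The two request-handling issue classes listed above (Authorization header kept across a cross-host redirect, CR/LF accepted in the request method or target) can be illustrated with client-side checks. This is an added example, not code from urllib3, Debian or this bug; the function names and the choice of header set are assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

# Assumption: only Authorization is treated as sensitive, since it is the
# header named in the CVE-2018-20060 description above.
SENSITIVE_HEADERS = frozenset({"authorization"})

# ASCII control characters (including \r and \n), space and DEL.
_UNSAFE = re.compile(r"[\x00-\x20\x7f]")


def check_request_line(method, target):
    """Build the request line, refusing values that could split it."""
    for name, value in (("method", method), ("target", target)):
        if not value or _UNSAFE.search(value):
            raise ValueError(f"{name} is empty or has control/space chars: {value!r}")
    return f"{method} {target} HTTP/1.1"


def headers_for_redirect(original_url, location, headers):
    """Return headers for the follow-up request after a redirect.

    Relative Location values are resolved against the original URL first,
    so a same-host relative redirect keeps its credentials. Any change of
    host drops the sensitive headers.
    """
    resolved = urljoin(original_url, location)
    same_host = urlsplit(original_url).hostname == urlsplit(resolved).hostname
    if same_host:
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}


if __name__ == "__main__":
    # Constructed sample values, not taken from the bug report.
    hdrs = {"Authorization": "Bearer example-token", "Accept": "*/*"}
    print(headers_for_redirect("https://api.example/v1", "https://other.example/", hdrs))
    print(headers_for_redirect("https://api.example/v1", "/v2", hdrs))
    try:
        check_request_line("GET / HTTP/1.1\r\nX-Injected: 1", "/")
    except ValueError as exc:
        print("rejected:", exc)
```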
--- mirror/ftp/4.3/unmaintained/4.3-0/source/python-urllib3_1.19.1-1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/python-urllib3_1.19.1-1+deb9u1.dsc @@ -1,3 +1,8 @@ +1.19.1-1+deb9u1 [Tue, 15 Jun 2021 00:17:49 +0530] Abhijith PA <abhijith@debian.org>: + + * Non-maintainer upload by the Debian LTS Team. + * Fix CVE-2018-20060, CVE-2019-11236, CVE-2019-11324 CVE-2020-26137 + 1.19.1-1 [Thu, 08 Dec 2016 15:08:04 +0100] Daniele Tricoli <eriol@mornie.org>: * New upstream release. <http://piuparts.knut.univention.de/4.4-8/#3489377526359790485>
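Review bot: The CVE list in the added changelog line `* Fix CVE-2018-20060, CVE-2019-11236, CVE-2019-11324 CVE-2020-26137` is missing a comma between CVE-2019-11324 and CVE-2020-26137, which can trip tools that split the list on commas. The entry also names the four CVEs without saying which change addresses which one; a per-CVE line would make the errata easier to audit against the description above.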
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x995>