python3-urllib3: fix CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Prior
to 2.5.0, urllib3 does not control redirects in browsers and
Node.js. urllib3 supports being used in a Pyodide runtime utilizing
the JavaScript Fetch API or falling back on XMLHttpRequest. This
means Python libraries can be used to make HTTP requests from a
browser or Node.js. Additionally, urllib3 provides a mechanism to
control redirects, but the retries and redirect parameters are
ignored with Pyodide; the runtime itself determines redirect
behavior. This issue has been patched in version 2.5.0.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50182

Upstream patch:
7eb4a2aafe

(From OE-Core rev: 082b865d9814e7e7aca4466551a035199aa8b563)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Yogita Urade
2025-06-26 17:24:59 +05:30
committed by Steve Sakoman
parent 7994e19018
commit 0372024fe7
2 changed files with 126 additions and 0 deletions

@@ -9,6 +9,7 @@ inherit pypi python_hatchling
SRC_URI += " \
file://CVE-2025-50181.patch \
file://CVE-2025-50182.patch \
"
DEPENDS += " \
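
Review bot: The added SRC_URI entry file://CVE-2025-50182.patch depends on a patch file that is not visible in this hunk, and the commit message identifies the upstream fix only by the abbreviated hash 7eb4a2aafe. Please confirm the patch header carries a "CVE: CVE-2025-50182" line and an "Upstream-Status: Backport [...]" line with the full upstream commit URL, so the backport can be checked against the upstream change. Since the message states the issue is patched in 2.5.0 and concerns only the Pyodide code path, it would also help to state in the commit message which urllib3 version this recipe builds.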