mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-04 15:52:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

python3-urllib3: fix CVE-2025-50181

Browse Source 
urllib3 is a user-friendly HTTP client library for Python. Prior to
2.5.0, it is possible to disable redirects for all requests by
instantiating a PoolManager and specifying retries in a way that
disable redirects. By default, requests and botocore users are not
affected. An application attempting to mitigate SSRF or open redirect
vulnerabilities by disabling redirects at the PoolManager level will
remain vulnerable. This issue has been patched in version 2.5.0.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50181

Upstream patch:
f05b132912

(From OE-Core rev: 819273b5b8b9279c01035cb72377fd8cbb51a198)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Yogita Urade
2025-06-26 17:24:58 +05:30
committed by Steve Sakoman
parent 1fe29dbf01
commit 7994e19018
2 changed files with 287 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
meta/recipes-devtools/python/python3-urllib3_2.3.0.bb
View File

@@ -7,6 +7,10 @@ SRC_URI[sha256sum] = "f8c5449b3cf0861679ce7e0503c7b44b5ec981bec0d1d3795a07f1ba96
inherit pypi python_hatchling
SRC_URI += " \
file://CVE-2025-50181.patch \
"
DEPENDS += " \
python3-hatch-vcs-native \
"