mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-12 19:53:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

python3-requests: fix CVE-2024-47081

Browse Source 
Requests is a HTTP library. Due to a URL parsing issue, Requests
releases prior to 2.32.4 may leak .netrc credentials to third parties
for specific maliciously-crafted URLs. Users should upgrade to version
2.32.4 to receive a fix. For older versions of Requests, use of the
.netrc file can be disabled with `trust_env=False` on one's Requests
Session.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-47081

Upstream patch:
96ba401c12

(From OE-Core rev: 37d746033710509ffabc244e0130d20fd81d9673)

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Jiaying Song
2025-06-12 13:54:52 +08:00
committed by Steve Sakoman
parent 241a617374
commit d5fa84385a
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meta/recipes-devtools/python/python3-requests_2.27.1.bb
View File

@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658"
SRC_URI += "file://CVE-2023-32681.patch \
file://CVE-2024-35195.patch \
file://CVE-2024-47081.patch \
"
SRC_URI[sha256sum] = "68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61"