python3-requests: fix CVE-2024-35195 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Jiaying Song <jiaying.song.cn@windriver.com>	2024-12-04 17:28:01 +0800
committer	Steve Sakoman <steve@sakoman.com>	2024-12-16 05:58:03 -0800
commit	e402b2417a0546548772eb5e2ae69fc1f254f69c (patch)
tree	5c365ca39c9186d3a66010a623d66fbc64f6a8fe /meta/classes/python_setuptools3_rust.bbclass
parent	2a6fc7fbf2a772464dbf55dc3a645a042e93d866 (diff)
download	poky-e402b2417a0546548772eb5e2ae69fc1f254f69c.tar.gz

python3-requests: fix CVE-2024-35195

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0. References: https://nvd.nist.gov/vuln/detail/CVE-2024-35195 Upstream patches: https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac (From OE-Core rev: 8bc8d316a6e8ac08b4eb2b9e2ec30b1f2309c31c) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/classes/python_setuptools3_rust.bbclass')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: