diff options
| author | Jiaying Song <jiaying.song.cn@windriver.com> | 2025-06-12 13:54:52 +0800 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-06-20 08:06:29 -0700 |
| commit | d5fa84385a719a07338e350121b61aae701657ca (patch) | |
| tree | 7fe74a92ddc8207e343b659edfe724b067b15d1b /meta/recipes-devtools/python/python3-iniconfig_1.1.1.bb | |
| parent | 241a617374f95dba23cc7837128df8faaf8ac9ba (diff) | |
| download | poky-d5fa84385a719a07338e350121b61aae701657ca.tar.gz | |
python3-requests: fix CVE-2024-47081
Requests is a HTTP library. Due to a URL parsing issue, Requests
releases prior to 2.32.4 may leak .netrc credentials to third parties
for specific maliciously-crafted URLs. Users should upgrade to version
2.32.4 to receive a fix. For older versions of Requests, use of the
.netrc file can be disabled with `trust_env=False` on one's Requests
Session.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-47081
Upstream patch:
https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef
(From OE-Core rev: 37d746033710509ffabc244e0130d20fd81d9673)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/python/python3-iniconfig_1.1.1.bb')
0 files changed, 0 insertions, 0 deletions
