summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/python/python3-iniconfig_1.1.1.bb
diff options
context:
space:
mode:
authorJiaying Song <jiaying.song.cn@windriver.com>2025-06-12 13:54:52 +0800
committerSteve Sakoman <steve@sakoman.com>2025-06-20 08:06:29 -0700
commitd5fa84385a719a07338e350121b61aae701657ca (patch)
tree7fe74a92ddc8207e343b659edfe724b067b15d1b /meta/recipes-devtools/python/python3-iniconfig_1.1.1.bb
parent241a617374f95dba23cc7837128df8faaf8ac9ba (diff)
downloadpoky-d5fa84385a719a07338e350121b61aae701657ca.tar.gz
python3-requests: fix CVE-2024-47081
Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-47081 Upstream patch: https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef (From OE-Core rev: 37d746033710509ffabc244e0130d20fd81d9673) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/python/python3-iniconfig_1.1.1.bb')
0 files changed, 0 insertions, 0 deletions