git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
python3-urllib3: fix CVE-2025-50182
author Yogita Urade <yogita.urade@windriver.com>
Thu, 26 Jun 2025 11:54:59 +0000 (17:24 +0530)
committer Steve Sakoman <steve@sakoman.com>
Thu, 26 Jun 2025 15:46:27 +0000 (08:46 -0700)
commit 082b865d9814e7e7aca4466551a035199aa8b563
tree c5455bd4e47c62b73636b8851d68838c6cbaa65c
parent 819273b5b8b9279c01035cb72377fd8cbb51a198
python3-urllib3: fix CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Prior
to 2.5.0, urllib3 does not control redirects in browsers and
Node.js. urllib3 supports being used in a Pyodide runtime utilizing
the JavaScript Fetch API or falling back on XMLHttpRequest. This
means Python libraries can be used to make HTTP requests from a
browser or Node.js. Additionally, urllib3 provides a mechanism to
control redirects, but the retries and redirect parameters are
ignored with Pyodide; the runtime itself determines redirect
behavior. This issue has been patched in version 2.5.0.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50182

Upstream patch:
https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/python/python3-urllib3/CVE-2025-50182.patch [new file with mode: 0644]
meta/recipes-devtools/python/python3-urllib3_2.3.0.bb
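
The following is an added example, not code from this commit or from urllib3. It shows, on a regular CPython interpreter, what the `redirect` and `retries` parameters named in the description do when they are honored, which is the behavior the CVE says is ignored under Pyodide. It assumes urllib3 is installed; the loopback server, its paths, and the function names are constructed for the illustration.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

import urllib3
from urllib3.exceptions import MaxRetryError
from urllib3.util.retry import Retry


class RedirectingHandler(BaseHTTPRequestHandler):
    """Constructed test server: /start answers 302 -> /internal, the rest 200."""

    def do_GET(self):
        if self.path == "/start":
            self.send_response(302)
            self.send_header("Location", "/internal")
            self.send_header("Content-Length", "0")
            self.end_headers()
        else:
            body = b"redirect target reached"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def probe_redirect_controls():
    """Return how urllib3 treated one redirect under three client settings."""
    server = HTTPServer(("127.0.0.1", 0), RedirectingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/start"
    results = {}
    try:
        with urllib3.PoolManager() as http:
            # Default: the redirect is followed, caller sees the final 200.
            results["default"] = http.request("GET", url).status
            # redirect=False: the 3xx response itself is handed back.
            results["redirect_false"] = http.request("GET", url, redirect=False).status
            # Retry(redirect=0): any redirect exhausts the budget and raises.
            try:
                http.request("GET", url, retries=Retry(redirect=0))
                results["retry_redirect_0"] = "followed"
            except MaxRetryError:
                results["retry_redirect_0"] = "blocked"
    finally:
        server.shutdown()
        server.server_close()
    return results
```

Code that relies on either setting to keep requests from following server-chosen locations should confirm these results in the runtime it actually ships in, since the description states the Pyodide runtime decides redirect behavior itself prior to 2.5.0.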