[Buildroot] [PATCH 1/1] package/python-urllib3: security bump to version 1.26.4

Peter Korsgaard peter at korsgaard.com
Sat Apr 3 10:18:48 UTC 2021


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Fix CVE-2021-28363: The urllib3 library 1.26.x before 1.26.4 for Python
 > omits SSL certificate validation in some cases involving HTTPS to HTTPS
 > proxies. The initial connection to the HTTPS proxy (if an SSLContext
 > isn't given via proxy_config) doesn't verify the hostname of the
 > certificate. This means certificates for different servers that still
 > validate properly with the default urllib3 SSLContext will be silently
 > accepted.

 > https://github.com/urllib3/urllib3/blob/1.26.4/CHANGES.rst

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2021.02.x, thanks (2020.02.x / 2020.11.x use 1.25.x)

-- 
Bye, Peter Korsgaard
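
An added example, not part of the original message and not urllib3 or Buildroot code: a stdlib-only Python check that flags the version range named in the commit message (1.26.x before 1.26.4) and audits an SSLContext for the condition described there, where the certificate chain is validated but the hostname is not. All function names and the constructed chain-only context are assumptions made for illustration.

```python
import re
import ssl
from importlib import metadata

# Range taken from the commit message: 1.26.x before 1.26.4.
AFFECTED_FROM = (1, 26, 0)
FIXED_IN = (1, 26, 4)


def parse_version(text):
    """Return the leading numeric part of a version string as a 3-tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True when the version falls in the range the commit message names."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def installed_urllib3_affected():
    """None if urllib3 is not installed, else whether it is in range."""
    try:
        return is_affected(metadata.version("urllib3"))
    except metadata.PackageNotFoundError:
        return None


def context_gaps(ctx):
    """List what a client-side SSLContext leaves unverified."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("certificate chain not verified")
    if not ctx.check_hostname:
        gaps.append("hostname not verified")
    return gaps


def strict_proxy_context():
    """Context that verifies both chain and hostname (stdlib defaults)."""
    return ssl.create_default_context()


def chain_only_context():
    """Constructed sample: chain is validated, hostname is not."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    return ctx
```
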

