[Buildroot] [PATCH] package/python-urllib3: security bump to version 1.24.2

Peter Korsgaard peter at korsgaard.com
Fri Apr 26 13:06:01 UTC 2019


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issue:
 > - CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles
 >   certain cases where the desired set of CA certificates is different from
 >   the OS store of CA certificates, which results in SSL connections
 >   succeeding in situations where a verification failure is the correct
 >   outcome.  This is related to use of the ssl_context, ca_certs, or
 >   ca_certs_dir argument.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2019.02.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list