[Buildroot] [PATCH] package/python-urllib3: security bump to version 1.24.2
peter at korsgaard.com
Fri Apr 26 13:06:01 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issue:
> - CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles
> certain cases where the desired set of CA certificates is different from
> the OS store of CA certificates, which results in SSL connections
> succeeding in situations where a verification failure is the correct
> outcome. This is related to use of the ssl_context, ca_certs, or
> ca_certs_dir argument.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.02.x, thanks.
Bye, Peter Korsgaard
More information about the buildroot