[Buildroot] [PATCH 1/1] package/python-urllib3: security bump to version 1.26.4

Peter Korsgaard peter at korsgaard.com
Tue Mar 30 06:18:58 UTC 2021

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Fix CVE-2021-28363: The urllib3 library 1.26.x before 1.26.4 for Python
 > omits SSL certificate validation in some cases involving HTTPS to HTTPS
 > proxies. The initial connection to the HTTPS proxy (if an SSLContext
 > isn't given via proxy_config) doesn't verify the hostname of the
 > certificate. This means certificates for different servers that still
 > validate properly with the default urllib3 SSLContext will be silently
 > accepted.

 > https://github.com/urllib3/urllib3/blob/1.26.4/CHANGES.rst

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list