python-urllib3 (1.26.5-1~exp1ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: Information disclosure through improperly disabled
redirects.
- debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
to Retry.from_int(retries, redirect=False) as well as set
raise_on_redirect in ./src/urllib3/poolmanager.py.
- CVE-2025-50181
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Mon, 23 Jun 2025 17:07:25 -0230
python-urllib3 (1.26.5-1~exp1ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: The Proxy-Authorization header is not correctly stripped
when redirecting to a different host.
- debian/patches/CVE-2024-37891.patch: Add "Proxy-Authorization" to
DEFAULT_REMOVE_HEADERS_ON_REDIRECT in src/urllib3/util/retry.py. Add
header to tests.
- CVE-2024-37891
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 17 Oct 2024 10:19:08 -0230
python-urllib3 (1.26.5-1~exp1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: http cookie leakage via http redirect
- debian/patches/CVE-2023-43804.patch: removes the cookie from the
http request when it is redirected to a different origin.
- CVE-2023-43804
* SECURITY UPDATE: http body leakage via http redirect
- debian/patches/CVE-2023-45803.patch: removes the body from the
http request when it is redirected to a different origin and the
http verb is changed to GET.
- CVE-2023-45803
-- Jorge Sancho Larraz <jorge.sancho.larraz@canonical.com> Tue, 24 Oct 2023 17:20:49 +0200
python-urllib3 (1.26.5-1~exp1) unstable; urgency=medium
* New upstream version 1.26.5
- CVE-2021-33503: Catastrophic backtracking in URL authority parser when
passed URL containing many @ characters. (Closes: #989848)
* Refresh patches.
-- Daniele Tricoli <eriol@debian.org> Sun, 27 Jun 2021 17:02:18 +0200
python-urllib3 (1.26.4-1) unstable; urgency=medium
* Team upload.
* New upstream release.
- Enforces certificate validation in some cases involving HTTPS to HTTPS
proxies CVE-2021-28363.
-- Stefano Rivera <stefanor@debian.org> Tue, 11 May 2021 20:30:00 -0400
python-urllib3 (1.26.2-1) unstable; urgency=medium
* New upstream version 1.26.2
* Refresh patches.
* debian/control
- Bump debhelper compatibility level to 13.
- Bump Standards-Version to 4.5.1 (no changes needed).
* debian/copyright
- Update copyright years.
* debian/rules
- Ignore test_ssltransport.py.
* debian/watch
- Bump version to 4.
-- Daniele Tricoli <eriol@debian.org> Thu, 31 Dec 2020 02:22:32 +0100
python-urllib3 (1.25.11-1) unstable; urgency=medium
* Team upload.
[ Ondřej Nový ]
* d/control: Update Maintainer field with new Debian Python Team
contact address.
* d/control: Update Vcs-* fields with new Debian Python Team Salsa
layout.
[ Dmitry Shachnev ]
* New upstream release.
* Refresh patches for the new release.
* Skip test_respect_retry_after_header_sleep test.
It needs pytest-freezegun module which is not packaged in Debian yet.
-- Dmitry Shachnev <mitya57@debian.org> Sat, 14 Nov 2020 15:40:30 +0300
python-urllib3 (1.25.9-1) unstable; urgency=medium
* Team upload
* New upstream release
- Refresh patches
-- Scott Kitterman <scott@kitterman.com> Sat, 02 May 2020 13:14:11 -0400
python-urllib3 (1.25.8-2) unstable; urgency=medium
* Drop python2 support; Closes: #938244
* debian/control
- bump versioned b-d on six to >= 1.12.0 (the same version of the embedded
module); Closes: #950738
-- Sandro Tosi <morph@debian.org> Wed, 01 Apr 2020 11:35:50 -0400
python-urllib3 (1.25.8-1) unstable; urgency=medium
* Team upload.
[ Debian Janitor ]
* Use secure URI in Homepage field.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
[ Håvard Flaget Aasen ]
* New upstream version 1.25.8
* Rebase patches.
* Update Standards-Version to 4.5.0
* Remove python-nose and python3-nose from build-dependency.
* Add Rules-Requires-Root: no
* Remove test/conftest.py during build.
-- Håvard Flaget Aasen <haavard_aasen@yahoo.no> Sat, 25 Jan 2020 15:56:27 +0100
# For older changelog entries, run 'apt-get changelog python3-urllib3'
Generated by dwww version 1.14 on Wed Aug 27 08:47:06 CEST 2025.