Information on source package python-urllib3

Available versions

ReleaseVersion
buster1.24.1-1
buster (security)1.24.1-1+deb10u2
bullseye1.26.5-1~exp1
bookworm1.26.12-1
trixie1.26.18-2
sid1.26.18-2

Open issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2023-45803fixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedurllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...
CVE-2023-43804fixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedurllib3 is a user-friendly HTTP client library for Python. urllib3 doe ...

Resolved issues

BugDescription
CVE-2021-33503An issue was discovered in urllib3 before 1.26.5. When provided with a ...
CVE-2021-28363The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ...
CVE-2020-26137urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...
CVE-2020-7212The _encode_invalid_chars function in util/url.py in the urllib3 libra ...
CVE-2019-11324The urllib3 library before 1.24.2 for Python mishandles certain cases ...
CVE-2019-11236In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...
CVE-2018-25091urllib3 before 1.24.2 does not remove the authorization HTTP header wh ...
CVE-2018-20060urllib3 before version 1.23 does not remove the Authorization HTTP hea ...
CVE-2016-9015Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vul ...
CVE-2013-2099Algorithmic complexity vulnerability in the ssl.match_hostname functio ...

Security announcements

DSA / DLADescription
DLA-3649-1python-urllib3 - security update
DLA-3610-1python-urllib3 - security update
DLA-2686-1python-urllib3 - security update
DLA-1828-1python-urllib3 - security update
Search for package or bug name: Reporting problems