[ubuntu/questing-proposed] python-urllib3 2.3.0-2ubuntu1 (Accepted)

[Hlib Korzhynskyy]

python-urllib3 (2.3.0-2ubuntu1) questing; urgency=medium

  * SECURITY UPDATE: Information disclosure through improperly disabled
    redirects.
    - debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
      to Retry.from_int(retries, redirect=False) as well as set
      raise_on_redirect in ./src/urllib3/poolmanager.py.
    - debian/patches/CVE-2025-50182.patch: Set fetch_data["redirect"] to manual
      when in node.js and add _is_node_js() function in
      ./src/urllib3/contrib/emscripten/fetch.py.
    - CVE-2025-50181
    - CVE-2025-50182

Date: Mon, 23 Jun 2025 15:39:01 -0230
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 23 Jun 2025 15:39:01 -0230
Source: python-urllib3
Built-For-Profiles: noudeb
Architecture: source
Version: 2.3.0-2ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Changes:
 python-urllib3 (2.3.0-2ubuntu1) questing; urgency=medium
 .
   * SECURITY UPDATE: Information disclosure through improperly disabled
     redirects.
     - debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
       to Retry.from_int(retries, redirect=False) as well as set
       raise_on_redirect in ./src/urllib3/poolmanager.py.
     - debian/patches/CVE-2025-50182.patch: Set fetch_data["redirect"] to manual
       when in node.js and add _is_node_js() function in
       ./src/urllib3/contrib/emscripten/fetch.py.
     - CVE-2025-50181
     - CVE-2025-50182
Checksums-Sha1:
 783833cb6642ae53fd5746bb98324b4d3429fd59 2856 python-urllib3_2.3.0-2ubuntu1.dsc
 7161248ade8a623a3e554a36490c2af56f114a06 41964 python-urllib3_2.3.0-2ubuntu1.debian.tar.xz
 7e105e8ff82e09ba95e309023dca4b5bcb089689 8979 python-urllib3_2.3.0-2ubuntu1_source.buildinfo
Checksums-Sha256:
 d6a90d7b45aefbdd2e86d54a8b0d9f57a5961b193ba908efbde19a1368c5d180 2856 python-urllib3_2.3.0-2ubuntu1.dsc
 d32941708dac23d32d4e8d0484e543ab4b648587529e46f86b11da739e695e67 41964 python-urllib3_2.3.0-2ubuntu1.debian.tar.xz
 db046639bc7a379692030e366d8909c31035264b88302b9eb707fcbd5719f97f 8979 python-urllib3_2.3.0-2ubuntu1_source.buildinfo
Files:
 5dfa7c6571be3d643fde756fccadb2fb 2856 python optional python-urllib3_2.3.0-2ubuntu1.dsc
 cf02fed23dc9ee0f871c08788937b1ac 41964 python optional python-urllib3_2.3.0-2ubuntu1.debian.tar.xz
 d3bf6db8352dc91ca653b3e40e052a39 8979 python optional python-urllib3_2.3.0-2ubuntu1_source.buildinfo
Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>