Your message dated Sat, 12 Oct 2019 04:49:09 +0000
with message-id <[email protected]>
and subject line Bug#927172: fixed in python-urllib3 1.25.6-1
has caused the Debian Bug report #927172,
regarding python-urllib3: CVE-2019-11236
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
927172: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927172
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-urllib3
Version: 1.24.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/urllib3/urllib3/issues/1553
Hi,
The following vulnerability was published for python-urllib3.
CVE-2019-11236[0]:
| In the urllib3 library through 1.24.1 for Python, CRLF injection is
| possible if the attacker controls the request parameter.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-11236
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11236
[1] https://github.com/urllib3/urllib3/issues/1553
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-urllib3
Source-Version: 1.25.6-1
We believe that the bug you reported is fixed in the latest version of
python-urllib3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Drew Parsons <[email protected]> (supplier of updated python-urllib3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 12 Oct 2019 11:50:26 +0800
Source: python-urllib3
Architecture: source
Version: 1.25.6-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Modules Team
<[email protected]>
Changed-By: Drew Parsons <[email protected]>
Closes: 927172
Changes:
python-urllib3 (1.25.6-1) experimental; urgency=medium
.
* Team upload.
.
[ Ondřej Nový ]
* Use debhelper-compat instead of debian/compat.
* Bump Standards-Version to 4.4.0.
.
[ Drew Parsons ]
* New upstream release.
- fixes CVE-2019-11236 CRLF injection vulnerability.
Closes: #927172.
* Standards-Version: 4.4.1
* debhelper compatibility level 12
Checksums-Sha1:
0bb877f628a4b7b6e7515292444f637e6b70ffb0 2510 python-urllib3_1.25.6-1.dsc
6c14b5baec001af6a7f23f2a6e67df1c02d7784a 248292
python-urllib3_1.25.6.orig.tar.gz
1c06dbf72b8b0be49f0217d822b622884daf7646 10180
python-urllib3_1.25.6-1.debian.tar.xz
2438a562a917a10349e49c909a9c26662a4b6d11 8241
python-urllib3_1.25.6-1_source.buildinfo
Checksums-Sha256:
7182fe0d9b728b66287b66de4a4caf91f7cc2af7b4b086a8d058f1c8369b03a6 2510
python-urllib3_1.25.6-1.dsc
9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86 248292
python-urllib3_1.25.6.orig.tar.gz
202eb5ee49e8d3574887c18e76b1f2a4ecfc39834f7264fb1c89e2b457775bdf 10180
python-urllib3_1.25.6-1.debian.tar.xz
e6df634ece72fd4f34a820e954afd79730d5dd509296def52fa1735e24308c64 8241
python-urllib3_1.25.6-1_source.buildinfo
Files:
3418bc7cbb90f71eef62a6a5c1f5f45b 2510 python optional
python-urllib3_1.25.6-1.dsc
a7504a9fcb7ed4ffa482fe098c80b6d4 248292 python optional
python-urllib3_1.25.6.orig.tar.gz
f7161c0ecf4ae6e11e2f7bf09fc1a9ae 10180 python optional
python-urllib3_1.25.6-1.debian.tar.xz
b2bd9c5f9c95425d4b2bc52908d438d8 8241 python optional
python-urllib3_1.25.6-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEI8mpPlhYGekSbQo2Vz7x5L1aAfoFAl2hVrAUHGRwYXJzb25z
QGRlYmlhbi5vcmcACgkQVz7x5L1aAfrhBw//ZKdmpkT1hUc2E6Z67/cJMkuDjda1
qTTUt793S7TLjajUH1A6Glk0cj4cTR+eg78v/YgJ3oa1k02NLVhIYppPOZDiY1kI
XK8N/R/v72bKWrFky63F+stXYP/iLBBWaMphzyrbSfkGd8ZUoN0eKZMqbPnLjqbo
qLROed8ad+LfTQJyDgnsowv2IS3aDJFAe9Z7ECvrKYimIc7m3x+wNc7mdwgdifOX
XoZoOD/6f1fm6BOZuYG6HcM1gFbmCurkQ4stfWLJ6bbScqxFY4c4TzUwn6XG0RHn
9x7lUqSOHXSQmwwiVLUWfjNimyRNwP6eUNLfPgZqfW8wjYCbZ3w2KgKdMhZJ4ati
t+2ZKPaSkYlHlJM13aOXXAcHYzAXn/3872BUG8YCduIUOD8FvggAagmjDKcEkmek
BMUVyIVMFJXNz9ATGISMpOy3yJl7fZeTvzjn0j5NHwTRyLL9Yc7zNmtB/b+EWLvX
icyziNbdKhujpTh4KPYnWzUET8VZDS86F01c8M6NVw9pw6bU67Jwo5MoMKCpJ+I5
ES9nLCX/ya7RgOAK0bw8GnXAbMrWB0ucqrIVShXLpmsX17ZnoYJYxJri9+Ap+6WN
EvPQ02ekR/bRxV6OPihkXSlH9rALp2Iq0xIBlPmMHABABn4RN6+pEzf8QfnOYfKJ
GfaZ2ljs9XIxa5E=
=z803
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Python-modules-team mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
