python3-urllib3: fix CVE-2025-50182 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-06-26 17:24:59 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-07-04 07:50:16 -0700
commit	0372024fe7ab2cea5eddf686f9bee0f8f07a2000 (patch)
tree	e15c57c50b24dfbb7905bcceb3cb29a5988b648e /scripts/lib/checklayer/context.py
parent	7994e190182c1cf8f1bfa5b58722849b695288ad (diff)
download	poky-0372024fe7ab2cea5eddf686f9bee0f8f07a2000.tar.gz

python3-urllib3: fix CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-50182 Upstream patch: https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f (From OE-Core rev: 082b865d9814e7e7aca4466551a035199aa8b563) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/checklayer/context.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: