Information on source package python-urllib3

Available versions

ReleaseVersion
jessie1.9.1-3+deb8u2
stretch1.19.1-1+deb9u2
stretch (security)1.19.1-1+deb9u1
buster1.24.1-1
buster (security)1.24.1-1+deb10u2
bullseye1.26.5-1~exp1
bookworm1.26.12-1
trixie1.26.18-2
sid1.26.18-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-45803fixedfixedfixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedurllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...
CVE-2023-43804fixedfixedfixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedurllib3 is a user-friendly HTTP client library for Python. urllib3 doe ...
CVE-2021-33503vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedfixedAn issue was discovered in urllib3 before 1.26.5. When provided with a ...
CVE-2020-26137vulnerable (no DSA)fixedfixedfixedfixedfixedfixedurllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...

Resolved issues

BugDescription
CVE-2021-28363The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ...
CVE-2020-7212The _encode_invalid_chars function in util/url.py in the urllib3 libra ...
CVE-2019-11324The urllib3 library before 1.24.2 for Python mishandles certain cases ...
CVE-2019-11236In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...
CVE-2018-25091urllib3 before 1.24.2 does not remove the authorization HTTP header wh ...
CVE-2018-20060urllib3 before version 1.23 does not remove the Authorization HTTP hea ...
CVE-2016-9015Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vul ...
CVE-2013-2099Algorithmic complexity vulnerability in the ssl.match_hostname functio ...

Security announcements

DSA / DLADescription
ELA-1014-1python-urllib3 - security update
DLA-3649-1python-urllib3 - security update
DLA-3610-1python-urllib3 - security update
DLA-2686-1python-urllib3 - security update
DLA-1828-1python-urllib3 - security update

Search for package or bug name: Reporting problems