Source: python-urllib3
Version: 1.24.1-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for python-urllib3, additionally to the one already reported in the BTS earlier. It was posted at [1].

CVE-2019-11324[0]:
| The urllib3 library before 1.24.2 for Python mishandles certain cases
| where the desired set of CA certificates is different from the OS
| store of CA certificates, which results in SSL connections succeeding
| in situations where a verification failure is the correct outcome.
| This is related to use of the ssl_context, ca_certs, or ca_certs_dir
| argument.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-11324
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11324
[1] https://www.openwall.com/lists/oss-security/2019/04/17/3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
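An added example, not part of the report above and not urllib3 or Debian code: a small audit that applies the "before 1.24.2" boundary from the CVE text to the urllib3 pins in a requirements file. The function names, status labels and the sample file contents are constructed for illustration.

```python
import re

FIXED = (1, 24, 2)  # the CVE text: urllib3 "before 1.24.2" is affected

def parse_version(text):
    """Leading numeric release fields, padded to three; suffixes such as
    'rc1' or a Debian revision ('-1') are ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    # Numeric tuple comparison, so 1.9 sorts before 1.24.2.
    return parse_version(version) < FIXED

# Matches a urllib3 requirement (optionally with extras), not urllib3-mock etc.
REQ = re.compile(r"^\s*urllib3(?![\w.-])(?:\[[^\]]*\])?\s*(?P<spec>[^#;]*)", re.I)

def audit_requirements(text):
    """Return (line number, status, line) for every urllib3 requirement."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQ.match(line)
        if not m:
            continue
        pin = re.fullmatch(r"==\s*([\w.]+)", m.group("spec").strip())
        if pin is None:
            status = "not-pinned"  # a range or bare name: check what resolves
        elif is_affected(pin.group(1)):
            status = "affected"
        else:
            status = "fixed"
        findings.append((lineno, status, line.strip()))
    return findings

# Constructed sample requirements file.
SAMPLE = """requests==2.21.0
urllib3==1.24.1
urllib3[secure]==1.24.2
urllib3>=1.21.1,<1.25
urllib3-mock==0.3.3
"""

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE):
        print(*finding)
```

The comparison uses upstream release numbers only; a distribution package can carry a backported fix under an older upstream version, so for packaged installs the security tracker entry at [0] is the reference.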
