On 12/7/25 08:17, Heinrich Schuchardt wrote:
On 6 December 2025 17:50:34 CET, Tom Rini <[email protected]> wrote:
The GitHub dependabot tool has reported two "high" priority bugs with
this package. Update to the patched version.

Reported-by: GitHub dependabot
Signed-off-by: Tom Rini <[email protected]>
---
Cc: Heinrich Schuchardt <[email protected]>
---
doc/sphinx/requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt
index 8572c15ef68f..dd433e2bb156 100644
--- a/doc/sphinx/requirements.txt
+++ b/doc/sphinx/requirements.txt
@@ -24,4 +24,4 @@ sphinxcontrib-jquery==4.1
sphinxcontrib-jsmath==1.0.1
sphinxcontrib-qthelp==2.0.0
sphinxcontrib-serializinghtml==2.0.0
-urllib3==2.5.0
+urllib3==2.6.0
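
Review bot: The new pin on the +urllib3==2.6.0 line is justified in the commit message only as two "high" priority bugs reported by dependabot, with no advisory identifiers, so the reason for this exact version cannot be traced from the log later. Name the advisories in the message. The hunk shows only the last pins of the file, so also confirm before applying that pip install -r doc/sphinx/requirements.txt still resolves against the other exact pins and that the documentation builds.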

Please add a reference to CVE-2025-66418 to the commit message before applying.

The other CVE is CVE-2025-66471. Both CVEs are related to excessive resource consumption caused by downloading from malicious URLs.


Acked-by: Heinrich Schuchardt <[email protected]>

