This bug was fixed in the package python-urllib3 - 2.0.7-1ubuntu0.1
---------------
python-urllib3 (2.0.7-1ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: The Proxy-Authorization header is not correctly stripped
when redirecting to a different host.
- debian/patches/CVE-2024-37891.patch: Add "Proxy-Authorization" to
DEFAULT_REMOVE_HEADERS_ON_REDIRECT in src/urllib3/util/retry.py. Add
header to tests.
- CVE-2024-37891
* Skip failing test causing build-time failures: (LP: #2084715)
- debian/rules: Add "not test_recent_date" to PYBUILD_TEST_ARGS.
-- Hlib Korzhynskyy <[email protected]> Wed, 16 Oct 2024
15:20:56 -0230
** Changed in: python-urllib3 (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-37891
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2084715
Title:
recent date test causes new builds to fail
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-urllib3/+bug/2084715/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
