This bug was fixed in the package python-pip - 22.0.2+dfsg-1ubuntu0.7
---------------
python-pip (22.0.2+dfsg-1ubuntu0.7) jammy-security; urgency=medium

  * SECURITY UPDATE: Unintended leak of Proxy-Authorization header
    (LP: #2031880)
    - debian/patches/CVE-2023-32681.patch: don't attach header to redirects
      with an HTTPS destination in requests/sessions.py,
      tests/test_requests.py.
    - CVE-2023-32681
  * SECURITY UPDATE: resource exhaustion
    - debian/patches/CVE-2024-3651.patch: checks input before processing
    - CVE-2024-3651
  * SECURITY UPDATE: Information Leak
    - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
      lookup instead of netloc
    - CVE-2024-47081

 -- Hlib Korzhynskyy <[email protected]>  Mon, 22 Sep 2025 17:14:33 -0230

** Changed in: python-pip (Ubuntu Jammy)
Status: New => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2024-3651
** CVE added: https://cve.org/CVERecord?id=CVE-2024-47081
https://bugs.launchpad.net/bugs/2031880
Title:
CVE-2023-32681 - python-pip fix is improper