Public bug reported: Scheduled-For: ubuntu-25.11 Ubuntu: 2.32.3+dfsg-5ubuntu2 Debian Unstable: 2.32.5+dfsg-1
A new release of requests is available for merging from Debian Unstable. If it turns out this needs a sync rather than a merge, please change the tagging from ['dcr-merge'] to ['dcr-sync'], and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the resolute Release Notes: https://discourse.ubuntu.com/t/resolute-raccoon-release-notes/ ### New Debian Changes ### requests (2.32.5+dfsg-1) unstable; urgency=medium * Team upload. * New upstream release. -- Colin Watson <[email protected]> Fri, 29 Aug 2025 11:26:45 +0100 requests (2.32.4+dfsg-1) unstable; urgency=medium * Team upload. * New upstream release. - CVE-2024-47081: Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file (closes: #1107368). * Avoid harmless "date: invalid date '@'" error in autopkgtest. -- Colin Watson <[email protected]> Mon, 18 Aug 2025 11:18:19 +0100 ### Old Ubuntu Delta ### requests (2.32.3+dfsg-5ubuntu2) questing; urgency=medium * SECURITY UPDATE: Information Leak - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc lookup instead of netloc - CVE-2024-47081 -- Bruce Cable <[email protected]> Wed, 11 Jun 2025 13:28:01 +1000 requests (2.32.3+dfsg-5ubuntu1) questing; urgency=medium * Merge with Debian unstable (LP: #2085279). Remaining changes: - d/p/remove-charset-normalizer-dependency.patch: Remove charset-normalizer as a build dependency (LP #1975541). -- Lena Voytek <[email protected]> Thu, 22 May 2025 16:50:10 -0400 ** Affects: requests (Ubuntu) Importance: Undecided Status: New ** Tags: dcr-merge ** Changed in: requests (Ubuntu) Milestone: None => ubuntu-25.11 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2130145 Title: Merge requests from Debian Unstable for resolute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/requests/+bug/2130145/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
