This bug was fixed in the package requests - 2.32.5+dfsg-1ubuntu1
---------------
requests (2.32.5+dfsg-1ubuntu1) resolute; urgency=medium
* Merge with Debian unstable (LP: #2130145). Remaining changes:
- d/p/remove-charset-normalizer-dependency.patch: Remove charset-normalizer
as a build dependency (LP #1975541).
Drop changes applied in upstream:
- debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
lookup instead of netloc
* d/p/remove-charset-normalizer-dependency.patch: refresh the patch
requests (2.32.5+dfsg-1) unstable; urgency=medium
* Team upload.
* New upstream release.
requests (2.32.4+dfsg-1) unstable; urgency=medium
* Team upload.
* New upstream release.
- CVE-2024-47081: Fixed an issue where a maliciously crafted URL and
trusted environment will retrieve credentials for the wrong
hostname/machine from a netrc file (closes: #1107368).
* Avoid harmless "date: invalid date '@'" error in autopkgtest.
-- Nadzeya Hutsko <[email protected]> Thu, 06 Nov 2025
12:18:28 +0100
** Changed in: requests (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2024-47081
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2130145
Title:
Merge requests from Debian Unstable for resolute
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/requests/+bug/2130145/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
