Public bug reported:
the backport to urllib3 1.26.5 is a copy and paste of code from urllib3
2.x that makes no sense in urllib3 1.x
There is no tracking of decoded response data in urllib3 1.x
`HTTPResponse` class. Using the API from 2.x `BaseHTTPResponse` class in
1.x `HTTPResponse` class does not make sense in this case.
As a result, accessing the `self._has_decoded_data` property which only
exists in 2.x new `BaseHTTPResponse` is not valid in 1.x `HTTPResponse`
and any code that uses response streaming in Jammy will fail.
** Affects: python-urllib3 (Ubuntu)
Importance: Undecided
Status: New
** CVE added: https://cve.org/CVERecord?id=CVE-2026-21441
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2138420
Title:
backport of CVE-2026-21441 results in broken package
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-urllib3/+bug/2138420/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
