[ubuntu/jammy-security] python-pip 22.0.2+dfsg-1ubuntu0.7 (Accepted)
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Tue Sep 23 12:09:01 UTC 2025
python-pip (22.0.2+dfsg-1ubuntu0.7) jammy-security; urgency=medium
* SECURITY UPDATE: Unintended leak of Proxy-Authorization header
(LP: #2031880)
- debian/patches/CVE-2023-32681.patch: don't attach header to redirects
with an HTTPS destination in requests/sessions.py,
tests/test_requests.py.
- CVE-2023-32681
* SECURITY UPDATE: resource exhaustion
- debian/patches/CVE-2024-3651.patch: checks input before processing
- CVE-2024-3651
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
lookup instead of netloc
- CVE-2024-47081
Date: 2025-09-22 20:16:13.523143+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/python-pip/22.0.2+dfsg-1ubuntu0.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list