OESA-2025-2317

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2317
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-2317.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-2317
Upstream
Published
2025-09-19T13:13:33Z
Modified
2025-09-19T14:02:44.921184Z
Summary
python-pip security update
Details

pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes.

%global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-/bash_completion.d})
Name: python-pip
Version: 23.3.1
Release: 3
Summary: A tool for installing and managing Python packages
License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD)
URL: http://www.pip-installer.org
Source0:
Source1: pip.loongarch.conf
BuildArch: noarch
Patch1: remove-existing-dist-only-if-path-conflicts.
Patch6000: dummy-certifi.patch
Patch6001: backport-CVE-2023-45803-Made-body-stripped-from-HTTP-requests.patch
Patch6002: backport-CVE-2024-37891-Strip-Proxy-Authorization-header-on-redirects.patch

Security Fix(es):

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. (CVE-2025-50181)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP4

python-pip

Package

Name
python-pip
Purl
pkg:rpm/openEuler/python-pip&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20.2.2-11.oe2003sp4

Ecosystem specific

{
    "src": [
        "python-pip-20.2.2-11.oe2003sp4.src.rpm"
    ],
    "noarch": [
        "python-pip-help-20.2.2-11.oe2003sp4.noarch.rpm",
        "python-pip-wheel-20.2.2-11.oe2003sp4.noarch.rpm",
        "python2-pip-20.2.2-11.oe2003sp4.noarch.rpm",
        "python3-pip-20.2.2-11.oe2003sp4.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP3

python-pip

Package

Name
python-pip
Purl
pkg:rpm/openEuler/python-pip&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
21.3.1-10.oe2203sp3

Ecosystem specific

{
    "src": [
        "python-pip-21.3.1-10.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "python-pip-help-21.3.1-10.oe2203sp3.noarch.rpm",
        "python-pip-wheel-21.3.1-10.oe2203sp3.noarch.rpm",
        "python3-pip-21.3.1-10.oe2203sp3.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP4

python-pip

Package

Name
python-pip
Purl
pkg:rpm/openEuler/python-pip&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
21.3.1-10.oe2203sp4

Ecosystem specific

{
    "src": [
        "python-pip-21.3.1-10.oe2203sp4.src.rpm"
    ],
    "noarch": [
        "python-pip-help-21.3.1-10.oe2203sp4.noarch.rpm",
        "python-pip-wheel-21.3.1-10.oe2203sp4.noarch.rpm",
        "python3-pip-21.3.1-10.oe2203sp4.noarch.rpm"
    ]
}

openEuler:24.03-LTS

python-pip

Package

Name
python-pip
Purl
pkg:rpm/openEuler/python-pip&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.3.1-5.oe2403sp2

Ecosystem specific

{
    "src": [
        "python-pip-23.3.1-5.oe2403.src.rpm",
        "python-pip-23.3.1-5.oe2403sp1.src.rpm",
        "python-pip-23.3.1-5.oe2403sp2.src.rpm"
    ],
    "noarch": [
        "python-pip-help-23.3.1-5.oe2403.noarch.rpm",
        "python-pip-wheel-23.3.1-5.oe2403.noarch.rpm",
        "python3-pip-23.3.1-5.oe2403.noarch.rpm",
        "python-pip-help-23.3.1-5.oe2403sp1.noarch.rpm",
        "python-pip-wheel-23.3.1-5.oe2403sp1.noarch.rpm",
        "python3-pip-23.3.1-5.oe2403sp1.noarch.rpm",
        "python-pip-help-23.3.1-5.oe2403sp2.noarch.rpm",
        "python-pip-wheel-23.3.1-5.oe2403sp2.noarch.rpm",
        "python3-pip-23.3.1-5.oe2403sp2.noarch.rpm"
    ]
}

openEuler:24.03-LTS-SP1

python-pip

Package

Name
python-pip
Purl
pkg:rpm/openEuler/python-pip&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.3.1-5.oe2403sp1

Ecosystem specific

{
    "src": [
        "python-pip-23.3.1-5.oe2403sp1.src.rpm"
    ],
    "noarch": [
        "python-pip-help-23.3.1-5.oe2403sp1.noarch.rpm",
        "python-pip-wheel-23.3.1-5.oe2403sp1.noarch.rpm",
        "python3-pip-23.3.1-5.oe2403sp1.noarch.rpm"
    ]
}

openEuler:24.03-LTS-SP2

python-pip

Package

Name
python-pip
Purl
pkg:rpm/openEuler/python-pip&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.3.1-5.oe2403sp2

Ecosystem specific

{
    "src": [
        "python-pip-23.3.1-5.oe2403sp2.src.rpm"
    ],
    "noarch": [
        "python-pip-help-23.3.1-5.oe2403sp2.noarch.rpm",
        "python-pip-wheel-23.3.1-5.oe2403sp2.noarch.rpm",
        "python3-pip-23.3.1-5.oe2403sp2.noarch.rpm"
    ]
}