RLSA-2021:1631

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2021:1631.json

Related

CVE-2020-26137

Published

2021-05-18T05:42:27Z

Modified

2023-02-02T12:51:50.903491Z

Summary

Moderate: python-urllib3 security update

Details

The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.

Security Fix(es):

python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.

References

https://errata.rockylinux.org/RLSA-2021:1631
https://bugzilla.redhat.com/show_bug.cgi?id=1883632

Affected packages

Rocky Linux:8 / python-urllib3

Package

Name: python-urllib3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.24.2-5.el8