kumquat-buildroot/package/python-urllib3
Fabrice Fontaine 4a8c6746bf package/python-urllib3: security bump to version 1.26.4
Fix CVE-2021-28363: The urllib3 library 1.26.x before 1.26.4 for Python
omits SSL certificate validation in some cases involving HTTPS to HTTPS
proxies. The initial connection to the HTTPS proxy (if an SSLContext
isn't given via proxy_config) doesn't verify the hostname of the
certificate. This means certificates for different servers that still
validate properly with the default urllib3 SSLContext will be silently
accepted.

https://github.com/urllib3/urllib3/blob/1.26.4/CHANGES.rst

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-03-30 08:18:51 +02:00
..
Config.in
python-urllib3.hash
python-urllib3.mk