Overview

File _patchinfo of Package patchinfo.30987

<patchinfo incident="30987">
  <issue tracker="cve" id="2023-43804"/>
  <issue tracker="cve" id="2023-45803"/>
  <issue tracker="bnc" id="1215968">VUL-0: CVE-2023-43804: python-urllib3: cookie request header isn't stripped during cross-origin redirects</issue>
  <issue tracker="bnc" id="1216377">VUL-0: CVE-2023-45803: python-urllib3,python36-urllib3:  Request body not stripped after redirect from 303 status changes request method to GET</issue>
  <packager>dgarcia</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python-urllib3</summary>
  <description>This update for python-urllib3 fixes the following issues:

- CVE-2023-45803: Fix a request body leak that could occur when
  receiving a 303 HTTP response (bsc#1216377).
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
  the user manually set the corresponding header (bsc#1215968).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places