UbuntuUpdates.org

Package "python3-pip-whl"

Name: python3-pip-whl

Description:

Python package installer (pip wheel)
Latest version: 24.0+dfsg-1ubuntu1.2
Release: noble (24.04)
Level: security
Repository: universe
Head package: python-pip
Homepage: https://pip.pypa.io/en/stable/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python3-pip-whl"

All arch deb package
APT INSTALL

Other versions of "python3-pip-whl" in Noble

Repository Area Version
base universe 24.0+dfsg-1ubuntu1
updates universe 24.0+dfsg-1ubuntu1.2

Changelog

Version: 24.0+dfsg-1ubuntu1.2 2025-06-28 06:06:57 UTC

  python-pip (24.0+dfsg-1ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: Information disclosure through improperly disabled
    redirects.
    - debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
      to Retry.from_int(retries, redirect=False) as well as set
      raise_on_redirect in ./src/pip/_vendor/urllib3/poolmanager.py.
    - CVE-2025-50181

 -- Hlib Korzhynskyy <email address hidden> Thu, 26 Jun 2025 09:47:19 -0230
Source diff to previous version
CVE-2025-50181 urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a Po

Version: 24.0+dfsg-1ubuntu1.1 2024-10-30 14:06:56 UTC

  python-pip (24.0+dfsg-1ubuntu1.1) noble-security; urgency=medium

  * SECURITY UPDATE: The Proxy-Authorization header is not correctly stripped
    when redirecting to a different host in urllib3.
    - debian/patches/CVE-2024-37891.patch: Add "Proxy-Authorization" to
      DEFAULT_REMOVE_HEADERS_ON_REDIRECT in
      src/pip/vendor/urllib3/util/retry.py.
    - CVE-2024-37891

 -- Hlib Korzhynskyy <email address hidden> Fri, 18 Oct 2024 14:34:47 -0230
CVE-2024-37891 urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header i


About   -   Send Feedback to @ubuntu_updates