UbuntuUpdates.org

Package "python3-pip-whl"

Name: python3-pip-whl

Description:

Python package installer (pip wheel)
Latest version: 25.0+dfsg-1ubuntu0.2
Release: plucky (25.04)
Level: security
Repository: universe
Head package: python-pip
Homepage: https://pip.pypa.io/en/stable/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python3-pip-whl"

All arch deb package
APT INSTALL

Other versions of "python3-pip-whl" in Plucky

Repository Area Version
base universe 25.0+dfsg-1
updates universe 25.0+dfsg-1ubuntu0.2

Changelog

Version: 25.0+dfsg-1ubuntu0.2 2025-09-23 15:07:53 UTC

  python-pip (25.0+dfsg-1ubuntu0.2) plucky-security; urgency=medium

  * SECURITY UPDATE: Information Leak
    - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
      lookup instead of netloc
    - CVE-2024-47081

 -- Hlib Korzhynskyy <email address hidden> Mon, 22 Sep 2025 16:28:19 -0230
Source diff to previous version
CVE-2024-47081 Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific m

Version: 25.0+dfsg-1ubuntu0.1 2025-06-26 19:07:28 UTC

  python-pip (25.0+dfsg-1ubuntu0.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Information disclosure through improperly disabled
    redirects.
    - debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
      to Retry.from_int(retries, redirect=False) as well as set
      raise_on_redirect in ./src/pip/_vendor/urllib3/poolmanager.py.
    - CVE-2025-50181

 -- Hlib Korzhynskyy <email address hidden> Thu, 26 Jun 2025 10:17:59 -0230
CVE-2025-50181 urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a Po


About   -   Send Feedback to @ubuntu_updates