Publishing details

Published on 2023-11-15
Copied from ubuntu jammy in PPA for Ubuntu Security Proposed by Jorge Sancho Larraz

Changelog

python-pip (22.0.2+dfsg-1ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: http cookie leakage via http redirect
    - debian/patches/CVE-2023-43804.patch: removes the cookie from the
      http request when it is redirected to a different origin.
    - CVE-2023-43804
  * SECURITY UPDATE: http body leakage via http redirect
    - debian/patches/CVE-2023-45803.patch: removes the body from the
      http request when it is redirected to a different origin and the
      http verb is changed to GET.
    - CVE-2023-45803

 -- Jorge Sancho Larraz <email address hidden>  Fri, 10 Nov 2023 13:42:40 +0100

Available diffs

diff from 20.3.4-4 (in Debian) to 22.0.2+dfsg-1ubuntu0.4 (1.2 MiB)
diff from 22.0.2+dfsg-1ubuntu0.3 to 22.0.2+dfsg-1ubuntu0.4 (2.2 KiB)

Builds

amd64

Built packages

python3-pip Python package installer

python3-pip-whl Python package installer (pip wheel)

Package files

python-pip_22.0.2+dfsg-1ubuntu0.4.debian.tar.xz (23.1 KiB)
python-pip_22.0.2+dfsg-1ubuntu0.4.dsc (2.4 KiB)
python-pip_22.0.2+dfsg.orig.tar.xz (1.2 MiB)
python3-pip-whl_22.0.2+dfsg-1ubuntu0.4_all.deb (1.6 MiB)
python3-pip_22.0.2+dfsg-1ubuntu0.4_all.deb (1.2 MiB)