Back to bug 1945136
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Dhananjay Arunesh | 2021-03-31 12:26:46 UTC | Blocks | 1945140 | |
| Dhananjay Arunesh | 2021-03-31 12:27:29 UTC | Depends On | 1945141, 1945142, 1945137, 1945138 | |
| Miro HronĨok | 2021-03-31 13:07:30 UTC | CC | kaycoth | |
| Flags | needinfo?(darunesh) | |||
| Przemyslaw Roguski | 2021-03-31 15:01:14 UTC | Fixed In Version | python-urllib3 1.26.4 | |
| Przemyslaw Roguski | 2021-03-31 15:07:17 UTC | Depends On | 1945271 | |
| Tomas Hoger | 2021-04-01 21:02:37 UTC | Flags | needinfo?(darunesh) | |
| Tomas Hoger | 2021-04-01 21:14:12 UTC | Comment | 0 | updated |
| Tomas Hoger | 2021-04-01 21:17:02 UTC | Summary | CVE-2021-28363 python-urllib3: omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies | CVE-2021-28363 python-urllib3: HTTPS proxy host name not validated when using default SSLContext |
| Jason Shepherd | 2021-04-11 23:27:56 UTC | CC | vmugicag | |
| Depends On | 1946224, 1946225 | |||
| Depends On | 1946228, 1946227 | |||
| CC | bdettelb, tomckay | |||
| Red Hat Bugzilla | 2021-06-22 00:27:31 UTC | CC | dbecker | |
| Eric Christensen | 2021-06-23 14:59:42 UTC | Doc Text | A flaw was found in python-urllib3. SSL certificate validation is omitted in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. | |
| Red Hat Bugzilla | 2021-07-01 12:29:40 UTC | CC | puebele | |
| Lon Hohberger | 2021-07-09 17:20:11 UTC | CC | rhos-maint | |
| Red Hat Bugzilla | 2022-01-08 05:33:37 UTC | CC | jokerman | |
| Red Hat Bugzilla | 2023-07-07 08:34:55 UTC | Assignee | security-response-team | nobody |
Back to bug 1945136