package/python-urllib3: security bump to 1.25.9
Fixes CVE-2020-7212 (1.25.2 - 1.25.7)
The _encode_invalid_chars function does not remove duplicate percent
encodings in the _percent_encodings array, which combined with the
normalization step could take O(N^2) time to compute for a URL of
length N. This results in a marginally higher CPU consumption
compared to the potential linear time achieved by deduplicating
the _percent_encodings array.
CC: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
projects / buildroot.git / commit