[PATCH] doc: Update urllib3 version for building
Heinrich Schuchardt
xypron.glpk at gmx.de
Sun Dec 7 10:06:06 CET 2025
On 12/7/25 08:17, Heinrich Schuchardt wrote:
> Am 6. Dezember 2025 17:50:34 MEZ schrieb Tom Rini <trini at konsulko.com>:
>> The GitHub dependabot tool has reported two "high" priority bugs with
>> this package. Update to the patched version.
>>
>> Reported-by: GitHub dependabot
>> Signed-off-by: Tom Rini <trini at konsulko.com>
>> ---
>> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
>> ---
>> doc/sphinx/requirements.txt | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt
>> index 8572c15ef68f..dd433e2bb156 100644
>> --- a/doc/sphinx/requirements.txt
>> +++ b/doc/sphinx/requirements.txt
>> @@ -24,4 +24,4 @@ sphinxcontrib-jquery==4.1
>> sphinxcontrib-jsmath==1.0.1
>> sphinxcontrib-qthelp==2.0.0
>> sphinxcontrib-serializinghtml==2.0.0
>> -urllib3==2.5.0
>> +urllib3==2.6.0
>
> Please, add a reference to CVE-2025-66418 to the commit message before applying.
The other CVE is CVE-2025-66471. Both CVEs are related to excessive
resource consumption caused by downloading from malicious URLs.
>
> Acked-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
>
More information about the U-Boot
mailing list