[PATCH] doc: Update urllib3 version for building
Tom Rini
trini at konsulko.com
Sun Dec 7 14:59:35 CET 2025
On Sun, Dec 07, 2025 at 10:06:06AM +0100, Heinrich Schuchardt wrote:
> On 12/7/25 08:17, Heinrich Schuchardt wrote:
> > On 6 December 2025 17:50:34 CET, Tom Rini <trini at konsulko.com> wrote:
> > > The GitHub dependabot tool has reported two "high" priority bugs with
> > > this package. Update to the patched version.
> > >
> > > Reported-by: GitHub dependabot
> > > Signed-off-by: Tom Rini <trini at konsulko.com>
> > > ---
> > > Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> > > ---
> > > doc/sphinx/requirements.txt | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt
> > > index 8572c15ef68f..dd433e2bb156 100644
> > > --- a/doc/sphinx/requirements.txt
> > > +++ b/doc/sphinx/requirements.txt
> > > @@ -24,4 +24,4 @@ sphinxcontrib-jquery==4.1
> > > sphinxcontrib-jsmath==1.0.1
> > > sphinxcontrib-qthelp==2.0.0
> > > sphinxcontrib-serializinghtml==2.0.0
> > > -urllib3==2.5.0
> > > +urllib3==2.6.0
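Review bot: at `+urllib3==2.6.0`, the commit message justifies the bump only as two "high" priority dependabot reports, so the reason for the new pin cannot be traced from the log alone. Name the advisories in the message (the thread identifies them as CVE-2025-66418 and CVE-2025-66471). The diffstat shows only doc/sphinx/requirements.txt being touched; if any other requirements file in the tree also pins urllib3, it needs the same bump in this patch or a follow-up.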
> >
> > Please, add a reference to CVE-2025-66418 to the commit message before applying.
>
> The other CVE is CVE-2025-66471. Both CVEs are related to excessive resource
> consumption caused by downloading from malicious URLs.
Neither was listed on the GitHub page at the time, frustratingly.
--
Tom