mirror of
https://git.yoctoproject.org/poky
synced 2026-05-10 05:49:28 +00:00
Jiaying Song
e402b2417a
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0. References: https://nvd.nist.gov/vuln/detail/CVE-2024-35195 Upstream patches: https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac (From OE-Core rev: 8bc8d316a6e8ac08b4eb2b9e2ec30b1f2309c31c) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>