Skip to content

python3Packages.requests: fix netrc credential leak vulnerability#413942

Merged
mweinelt merged 1 commit intoNixOS:stagingfrom
mweinelt:requests-CVE-2024-47081
Jun 4, 2025
Merged

python3Packages.requests: fix netrc credential leak vulnerability#413942
mweinelt merged 1 commit intoNixOS:stagingfrom
mweinelt:requests-CVE-2024-47081

Conversation

@mweinelt
Copy link
Copy Markdown
Member

@mweinelt mweinelt commented Jun 4, 2025
edited
Loading

Patches a disclosed unfixed vulnerability in the popular requests package
where improper URL parsing could be fooled to disclose any credentials
from a netrc configuration.

https://seclists.org/fulldisclosure/2025/Jun/2
psf/requests#6965 (source)

Fixes: CVE-2024-47081

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • Nixpkgs 25.11 Release Notes (or backporting 24.11 and 25.05 Nixpkgs Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
  • NixOS 25.11 Release Notes (or backporting 24.11 and 25.05 NixOS Release notes)
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@mweinelt
python3Packages.requests: fix netrc credential leak vulnerability
1d22f98 
Patches a disclosed unfixed vulnerability in the popular requests package
where improper URL parsing could be fooled to disclose any credentials
from a netrc configuration.

https://seclists.org/fulldisclosure/2025/Jun/2

Fixes: CVE-2024-47081
@mweinelt mweinelt added 1.severity: security Issues which raise a security issue, or PRs that fix one backport staging-24.11 labels Jun 4, 2025
@github-actions github-actions Bot added the 6.topic: python Python is a high-level, general-purpose programming language. label Jun 4, 2025
@mweinelt mweinelt changed the title cc-wrapper: limit no-omit-leaf-frame-pointer to supported platforms python3Packages.requests: fix netrc credential leak vulnerability Jun 4, 2025
@github-actions github-actions Bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Jun 4, 2025
@nix-owners nix-owners Bot requested a review from fabaff June 4, 2025 15:19
@mweinelt mweinelt merged commit b701089 into NixOS:staging Jun 4, 2025
22 of 25 checks passed
@mweinelt mweinelt deleted the requests-CVE-2024-47081 branch June 4, 2025 15:39
@nixpkgs-ci
Copy link
Copy Markdown
Contributor

nixpkgs-ci Bot commented Jun 4, 2025

Successfully created backport PR for staging-24.11:

@nixpkgs-ci nixpkgs-ci Bot mentioned this pull request Jun 4, 2025
Merged
1 task
@nixpkgs-ci
Copy link
Copy Markdown
Contributor

nixpkgs-ci Bot commented Jun 4, 2025

Successfully created backport PR for staging-25.05:

@nixpkgs-ci nixpkgs-ci Bot mentioned this pull request Jun 4, 2025
Merged
1 task
@github-actions github-actions Bot added the 8.has: port to stable This PR already has a backport to the stable release. label Jun 4, 2025
@dotlambda dotlambda mentioned this pull request Jun 13, 2025
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fabaff fabaff Awaiting requested review from fabaff

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: python Python is a high-level, general-purpose programming language. 8.has: port to stable This PR already has a backport to the stable release. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mweinelt