Debian Package Tracker
Register | Log in
Subscribe

requests

Choose email to subscribe with

general
  • source: requests (main)
  • version: 2.32.5+dfsg-1
  • maintainer: Debian Python Team (DMD)
  • uploaders: Daniele Tricoli [DMD]
  • arch: all
  • std-ver: 4.7.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2.25.1+dfsg-2
  • oldstable: 2.28.1+dfsg-1
  • stable: 2.32.3+dfsg-5
  • testing: 2.32.4+dfsg-1
  • unstable: 2.32.5+dfsg-1
versioned links
  • 2.25.1+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.28.1+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.32.3+dfsg-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.32.4+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.32.5+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • python-requests-doc
  • python3-requests (2 bugs: 0, 2, 0, 0)
action needed
The package has not entered testing even though the delay is over normal
The package has not entered testing even though the 5-day delay is over. Check why.
Created: 2025-09-04 Last update: 2025-09-10 19:35
debian/patches: 2 patches to forward upstream low

Among the 2 debian patches available in version 2.32.5+dfsg-1 of the package, we noticed the following issues:

  • 2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2025-08-30 10:01
1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:
  • CVE-2024-47081: (postponed; to be fixed through a stable update) Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-06-04 Last update: 2025-08-30 00:05
3 low-priority security issues in bookworm low

There are 3 open security issues in bookworm.

2 issues left for the package maintainer to handle:
  • CVE-2023-32681: (needs triaging) Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
  • CVE-2024-47081: (postponed; to be fixed through a stable update) Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

You can find information about how to handle these issues in the security team's documentation.

1 ignored issue:
  • CVE-2024-35195: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.
Created: 2023-05-24 Last update: 2025-08-30 00:05
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).
Created: 2025-02-21 Last update: 2025-08-29 23:28
testing migrations
  • excuses:
    • Migration status for requests (2.32.4+dfsg-1 to 2.32.5+dfsg-1): BLOCKED: Rejected/violates migration policy/introduces a regression
    • Issues preventing migration:
    • ∙ ∙ autopkgtest for dask.distributed/2024.12.1+ds-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Failed (not a regression) ♻ (reference ♻), riscv64: Test triggered (failure will be ignored), s390x: Pass
    • ∙ ∙ autopkgtest for dolfin/2019.2.0~legacy20240219.1c52e83-18: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Test triggered (failure will be ignored), s390x: Pass
    • ∙ ∙ autopkgtest for fenics-dolfinx/1:0.9.0-7: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Test triggered (failure will be ignored), riscv64: Test triggered (failure will be ignored), s390x: Pass
    • ∙ ∙ autopkgtest for proxmoxer/2.2.0-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Regression ♻ (reference ♻), s390x: Pass
    • ∙ ∙ autopkgtest for requests/2.32.5+dfsg-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
    • ∙ ∙ autopkgtest for swift/2.35.1-2: amd64: Pass, arm64: Pass, i386: No tests, superficial or marked flaky ♻ (reference ♻), ppc64el: Failed (not a regression) ♻ (reference ♻), riscv64: Pass, s390x: Test triggered (failure will be ignored)
    • Additional info:
    • ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/r/requests.html
    • ∙ ∙ Reproducible on amd64 - info ♻
    • ∙ ∙ Reproducible on arm64 - info ♻
    • ∙ ∙ 12 days old (needed 5 days)
    • Not considered
news
[rss feed]
  • [2025-08-29] Accepted requests 2.32.5+dfsg-1 (source) into unstable (Colin Watson)
  • [2025-08-23] requests 2.32.4+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2025-08-18] Accepted requests 2.32.4+dfsg-1 (source) into unstable (Colin Watson)
  • [2025-04-17] requests 2.32.3+dfsg-5 MIGRATED to testing (Debian testing watch)
  • [2025-03-24] Accepted requests 2.32.3+dfsg-5 (source) into unstable (Bastian Germann) (signed by: bage@debian.org)
  • [2025-02-23] requests 2.32.3+dfsg-4 MIGRATED to testing (Debian testing watch)
  • [2025-02-17] Accepted requests 2.32.3+dfsg-4 (source) into unstable (Colin Watson)
  • [2025-02-17] Accepted requests 2.32.3+dfsg-3 (source) into experimental (Colin Watson)
  • [2024-11-24] Accepted requests 2.32.3+dfsg-2 (source) into experimental (Alexandre Detiste)
  • [2024-08-31] requests 2.32.3+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2024-06-13] Accepted requests 2.32.3+dfsg-1 (source) into unstable (Colin Watson)
  • [2024-05-19] requests 2.31.0+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2024-05-16] Accepted requests 2.31.0+dfsg-2 (source) into unstable (Timo Röhling)
  • [2023-07-22] requests 2.31.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2023-07-17] Accepted requests 2.31.0+dfsg-1 (source) into unstable (Daniele Tricoli)
  • [2023-06-18] Accepted requests 2.21.0-1+deb10u1 (source) into oldoldstable (Markus Koschany)
  • [2022-11-26] requests 2.28.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-11-24] Accepted requests 2.28.1+dfsg-1 (source) into unstable (Daniele Tricoli)
  • [2022-03-31] requests 2.27.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2022-03-20] Accepted requests 2.27.1+dfsg-1 (source) into unstable (Daniele Tricoli)
  • [2021-01-06] requests 2.25.1+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2020-12-31] Accepted requests 2.25.1+dfsg-2 (source) into unstable (Daniele Tricoli)
  • [2020-12-31] Accepted requests 2.25.1+dfsg-1 (source) into unstable (Daniele Tricoli)
  • [2020-12-30] Accepted requests 2.25.0+dfsg-2 (source) into unstable (Daniele Tricoli)
  • [2020-12-08] Accepted requests 2.25.0+dfsg-1 (source) into unstable (Daniele Tricoli)
  • [2020-10-27] requests 2.24.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-27] requests 2.24.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-23] Accepted requests 2.24.0+dfsg-1 (source) into unstable (Drew Parsons)
  • [2020-04-08] requests 2.23.0+dfsg-2 MIGRATED to testing (Debian testing watch)
  • [2020-04-01] Accepted requests 2.23.0+dfsg-2 (source) into unstable (Sandro Tosi)
  • 1
  • 2
bugs [bug history graph]
  • all: 9
  • RC: 0
  • I&N: 7
  • M&W: 2
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 2.32.3+dfsg-5ubuntu2
  • 7 bugs
  • patches for 2.32.3+dfsg-5ubuntu2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing