Register | Log in

requests

Choose email to subscribe with

general

source: requests (main)
version: 2.31.0+dfsg-1
maintainer: Debian Python Team (DMD)
uploaders: Daniele Tricoli [DMD]
arch: all
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.21.0-1
o-o-sec: 2.21.0-1+deb10u1
oldstable: 2.25.1+dfsg-2
stable: 2.28.1+dfsg-1
testing: 2.31.0+dfsg-1
unstable: 2.31.0+dfsg-1

versioned links

2.21.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.21.0-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.1+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.28.1+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.31.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python-requests-doc
python3-requests (1 bugs: 0, 1, 0, 0)

action needed

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2023-32681: (needs triaging) Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-05-24 Last update: 2023-12-12 18:10

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2023-32681: (needs triaging) Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.

You can find information about how to handle this issue in the security team's documentation.

Created: 2023-05-24 Last update: 2023-12-12 18:10

debian/patches: 2 patches to forward upstream low

Among the 2 debian patches available in version 2.31.0+dfsg-1 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-07-18 12:00

news

[2023-07-22] requests 2.31.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-07-17] Accepted requests 2.31.0+dfsg-1 (source) into unstable (Daniele Tricoli)
[2023-06-18] Accepted requests 2.21.0-1+deb10u1 (source) into oldoldstable (Markus Koschany)
[2022-11-26] requests 2.28.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-11-24] Accepted requests 2.28.1+dfsg-1 (source) into unstable (Daniele Tricoli)
[2022-03-31] requests 2.27.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-03-20] Accepted requests 2.27.1+dfsg-1 (source) into unstable (Daniele Tricoli)
[2021-01-06] requests 2.25.1+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-12-31] Accepted requests 2.25.1+dfsg-2 (source) into unstable (Daniele Tricoli)
[2020-12-31] Accepted requests 2.25.1+dfsg-1 (source) into unstable (Daniele Tricoli)
[2020-12-30] Accepted requests 2.25.0+dfsg-2 (source) into unstable (Daniele Tricoli)
[2020-12-08] Accepted requests 2.25.0+dfsg-1 (source) into unstable (Daniele Tricoli)
[2020-10-27] requests 2.24.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-10-27] requests 2.24.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-10-23] Accepted requests 2.24.0+dfsg-1 (source) into unstable (Drew Parsons)
[2020-04-08] requests 2.23.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-04-01] Accepted requests 2.23.0+dfsg-2 (source) into unstable (Sandro Tosi)
[2020-04-01] Accepted requests 2.23.0+dfsg-1 (source all) into unstable, unstable (Debian FTP Masters) (signed by: Daniele Tricoli)
[2019-12-10] requests 2.22.0-2 MIGRATED to testing (Debian testing watch)
[2019-12-05] Accepted requests 2.22.0-2 (source) into unstable (Daniele Tricoli)
[2019-12-03] Accepted requests 2.22.0-1 (source) into experimental (Daniele Tricoli)
[2019-03-31] Accepted requests 2.21.0-1~bpo9+1 (source) into stretch-backports->backports-policy, stretch-backports (Mattia Rizzolo)
[2019-03-03] requests 2.21.0-1 MIGRATED to testing (Debian testing watch)
[2019-02-12] Accepted requests 2.21.0-1 (source all) into unstable (Daniele Tricoli)
[2018-10-29] Accepted requests 2.20.0-2~bpo9+1 (source all) into stretch-backports, stretch-backports (Mattia Rizzolo)
[2018-10-29] requests 2.20.0-2 MIGRATED to testing (Debian testing watch)
[2018-10-26] Accepted requests 2.20.0-2 (source all) into unstable (Daniele Tricoli)
[2018-10-25] Accepted requests 2.20.0-1 (source all) into unstable (Daniele Tricoli)
[2018-02-15] requests 2.18.4-2 MIGRATED to testing (Debian testing watch)
[2018-02-09] Accepted requests 2.18.4-2 (source all) into unstable (Daniele Tricoli)

1
2

bugs [bug history graph]

all: 7
RC: 0
I&N: 6
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.31.0+dfsg-1ubuntu1
8 bugs
patches for 2.31.0+dfsg-1ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing