Summary: | dev-python/virtualenv: bundles vulnerable urllib3 via vulnerable pip | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | minor | CC: | mgorny, python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [ebuild?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 835609 |
Description
John Helmert III
2022-03-19 15:08:02 UTC
Perhaps you'd want to file a bug upstream and see what they say. Technically, I think it should be possible to patch the bundled wheels but that's a big meh. |