Finding fresh policy
Processing upload requests_2.25.1+dfsg-ok2_source.changes
Beginning processing.
Verifying signature on requests_2.25.1+dfsg-ok2_source.changes
Verifying signature on requests_2.25.1+dfsg-ok2.dsc
Performing DSC verification.
requests_2.25.1+dfsg-ok2_source.buildinfo can be unsigned.
Verifying the changes file.
Verifying files in upload.
Verifying source file requests_2.25.1+dfsg-ok2.dsc
requests_2.25.1+dfsg.orig.tar.xz found in Primary Archive for openKylin
Verifying uploaded source package by unpacking it.
Copying copyright contents.
Found changelog
Cleaning up source tree.
Done
Verifying source file requests_2.25.1+dfsg.orig.tar.xz
Verifying source file requests_2.25.1+dfsg-ok2.debian.tar.xz
Verifying buildinfo file requests_2.25.1+dfsg-ok2_source.buildinfo
Finding and applying overrides.
Checking for requests/2.25.1+dfsg-ok2 source ancestry
requests: (source) NEW
Finished checking upload.
Creating queue entry
requests diff from 2.25.1+dfsg-ok1 (in Openkylin) to 2.25.1+dfsg-ok2 requested
Setting it to ACCEPTED
Creating PENDING publishing record.
Created amd64 build of requests 2.25.1+dfsg-ok2 in openkylin yangtze RELEASE [84038] in jenkins-ci-open-mr-3352 (2510)
Building recipients list.
Adding recipient: 'Cibot '
Sent a mail:
  Subject: [~cibot/openkylin/jenkins-ci-open-mr-3352/yangtze] requests 2.25.1+dfsg-ok2 (Accepted)
  Sender: OKBS notice
  Recipients: Cibot
  Bcc: Local Root
  Body:
Accepted:
 OK: requests_2.25.1+dfsg.orig.tar.xz
 OK: requests_2.25.1+dfsg-ok2.debian.tar.xz
 OK: requests_2.25.1+dfsg-ok2.dsc
     -> Component: main Section: python

requests (2.25.1+dfsg-ok2) yangtze; urgency=medium

  * wjy1978 [CVE-2023-32681] Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests.

    For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.

--
https://build.openkylin.top/~cibot/+archive/openkylin/jenkins-ci-open-mr-3352
You are receiving this email because you made this upload.
Committing the transaction and any mails associated with this upload.