On Sun, Dec 07, 2025 at 10:06:06AM +0100, Heinrich Schuchardt wrote: > On 12/7/25 08:17, Heinrich Schuchardt wrote: > > On 6 December 2025 17:50:34 CET, Tom Rini <[email protected]> wrote: > > > The GitHub dependabot tool has reported two "high" priority bugs with > > > this package. Update to the patched version. > > > > > > Reported-by: GitHub dependabot > > > Signed-off-by: Tom Rini <[email protected]> > > > --- > > > Cc: Heinrich Schuchardt <[email protected]> > > > --- > > > doc/sphinx/requirements.txt | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt > > > index 8572c15ef68f..dd433e2bb156 100644 > > > --- a/doc/sphinx/requirements.txt > > > +++ b/doc/sphinx/requirements.txt > > > @@ -24,4 +24,4 @@ sphinxcontrib-jquery==4.1 > > > sphinxcontrib-jsmath==1.0.1 > > > sphinxcontrib-qthelp==2.0.0 > > > sphinxcontrib-serializinghtml==2.0.0 > > > -urllib3==2.5.0 > > > +urllib3==2.6.0 > > > > Please, add a reference to CVE-2025-66418 to the commit message before > > applying. > > The other CVE is CVE-2025-66471. Both CVEs are related to excessive resource > consumption caused by downloading from malicious URLs.
Neither were listed on the GitHub page at the time, frustratingly.

-- Tom
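Review bot: The commit message for the `urllib3==2.5.0` to `urllib3==2.6.0` bump in doc/sphinx/requirements.txt says only that dependabot reported two "high" priority bugs, so the fix cannot be traced to an advisory from the log alone. Name both identifiers given in this thread (CVE-2025-66418 and CVE-2025-66471) in the message, with a short note that they concern excessive resource consumption, so that anyone backporting or auditing the documentation toolchain can match the pin to the advisories. Since this moves to a new minor release rather than a patch release, it is also worth confirming that the Sphinx documentation build still completes and that any other pinned package in this file that depends on urllib3 accepts 2.6.0.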

