{"affected":[{"ecosystem_specific":{"binaries":[{"python311-requests":"2.32.3-1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.32.3-1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-requests contains the following fixes:\n\n- Add patch to fix to inject the default CA bundles if they are not specified.\n    (bsc#1226321, bsc#1231500)\n\n- Remove Requires on python-py, it should have been removed earlier. \n\n- update to 2.32.3:\n  * Fixed bug breaking the ability to specify custom SSLContexts\n    in sub-classes of HTTPAdapter.\n  * Fixed issue where Requests started failing to run on Python\n    versions compiled without the `ssl` module.\n\n  * To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0,\n    we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing\n    custom HTTPAdapters will need to migrate their code to use this new API. get_connection is\n  * Fixed an issue where setting verify=False on the first request from a Session\n    will cause subsequent requests to the same origin to also ignore cert verification,\n  * verify=True now reuses a global SSLContext which should improve request time\n  * Requests now supports optional use of character detection (chardet or charset_normalizer)\n    when repackaged or vendored. This enables pip and other projects to minimize their\n","id":"SUSE-SU-2025:20094-1","modified":"2025-02-03T09:12:11Z","published":"2025-02-03T09:12:11Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520094-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1224788"},{"type":"REPORT","url":"https://bugzilla.suse.com/1226321"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231500"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-35195"}],"related":["CVE-2024-35195"],"summary":"Security update for python-requests","upstream":["CVE-2024-35195"]}