{"schema_version":"1.7.2","id":"OESA-2026-1332","modified":"2026-02-06T15:57:46Z","published":"2026-02-06T15:57:46Z","upstream":["CVE-2025-66418"],"summary":"python-pip security update","details":"pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-/bash_completion.d}) Name:           python-pip Version:        23.3.1 Release:        6 Summary:        A tool for installing and managing Python packages License:        MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) URL:            http://www.pip-installer.org Source0:          Source1:        pip.loongarch.conf BuildArch:      noarch Patch1:         remove-existing-dist-only-if-path-conflicts. Patch6000:      dummy-certifi.patch Patch6001:      backport-CVE-2023-45803-Made-body-stripped-from-HTTP-requests.patch Patch6002:      backport-CVE-2024-37891-Strip-Proxy-Authorization-header-on-redirects.patch Patch6003:      backport-CVE-2024-47081.patch Patch6004:      backport-CVE-2025-50181.patch Patch6005:      backport-CVE-2025-8869.patch\r\n\r\nSecurity Fix(es):\n\nurllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.(CVE-2025-66418)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP2","name":"python-pip","purl":"pkg:rpm/openEuler/python-pip&distro=openEuler-24.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"23.3.1-7.oe2403sp2"}]}],"ecosystem_specific":{"noarch":["python-pip-help-23.3.1-7.oe2403sp2.noarch.rpm","python-pip-wheel-23.3.1-7.oe2403sp2.noarch.rpm","python3-pip-23.3.1-7.oe2403sp2.noarch.rpm"],"src":["python-pip-23.3.1-7.oe2403sp2.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1332"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66418"}],"database_specific":{"severity":"High"}}