Update setup.py in order to fix CVE-2023-37920

psf / requests

A simple, yet elegant, HTTP library.

https://requests.readthedocs.io/en/latest/

Apache License 2.0

52.19k stars 9.33k forks source link

Update setup.py in order to fix CVE-2023-37920 #6739

Closed pablospe closed 5 months ago

pablospe commented 5 months ago

CVE-2023-37920 link: https://nvd.nist.gov/vuln/detail/CVE-2023-37920

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

nateprewitt commented 5 months ago

Hi @pablospe, please check open and closed issues/PRs before filing new ones. You can see our previous response here.