{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": []
        },
        "deb": {
            "added": [],
            "removed": [],
            "diff": [
                "python3-urllib3"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "python3-urllib3",
                "from_version": {
                    "source_package_name": "python-urllib3",
                    "source_package_version": "1.26.5-1~exp1ubuntu0.6",
                    "version": "1.26.5-1~exp1ubuntu0.6"
                },
                "to_version": {
                    "source_package_name": "python-urllib3",
                    "source_package_version": "1.26.5-1~exp1ubuntu0.7",
                    "version": "1.26.5-1~exp1ubuntu0.7"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-44431",
                        "url": "https://ubuntu.com/security/CVE-2026-44431",
                        "cve_description": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-13 16:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-44431",
                                "url": "https://ubuntu.com/security/CVE-2026-44431",
                                "cve_description": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-13 16:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: sensitive headers not stripped in cross-origin redirects",
                            "    - debian/patches/CVE-2026-44431.patch: remove sensitive headers in proxy",
                            "      pools too in src/urllib3/connectionpool.py,",
                            "      test/with_dummyserver/test_proxy_poolmanager.py.",
                            "    - CVE-2026-44431",
                            ""
                        ],
                        "package": "python-urllib3",
                        "version": "1.26.5-1~exp1ubuntu0.7",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 22 May 2026 16:41:35 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "added": {
        "deb": [],
        "snap": []
    },
    "removed": {
        "deb": [],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20260602 to 20260603",
    "from_series": "jammy",
    "to_series": "jammy",
    "from_serial": "20260602",
    "to_serial": "20260603",
    "from_manifest_filename": "daily_manifest.previous",
    "to_manifest_filename": "manifest.current"
}