Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5fff1f89 by Moritz Mühlenhoff at 2024-12-11T20:20:17+01:00
python-aiohttp DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -88959,7 +88959,6 @@ CVE-2024-23829 (aiohttp is an asynchronous HTTP
client/server framework for asyn
NOTE:
https://github.com/aio-libs/aiohttp/commit/d33bc21414e283c9e6fe7f6caf69e2ed60d66c82
(v3.9.2)
CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for
asyncio an ...)
- python-aiohttp 3.9.5-1 (bug #1062709)
- [bookworm] - python-aiohttp <no-dsa> (Minor issue)
[bullseye] - python-aiohttp <no-dsa> (Minor issue)
[buster] - python-aiohttp <no-dsa> (Minor issue)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f
@@ -100981,7 +100980,6 @@ CVE-2023-49087 (xml-security is a library that
implements XML signatures and enc
NOT-FOR-US: xml-security (SimpleSAMLphp library for XML Security)
CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for
asyncio an ...)
- python-aiohttp 3.9.1-1 (bug #1057164)
- [bookworm] - python-aiohttp <no-dsa> (Minor issue)
[bullseye] - python-aiohttp <no-dsa> (Minor issue)
[buster] - python-aiohttp <postponed> (Minor issue, limited request
smuggling)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx
@@ -100989,7 +100987,6 @@ CVE-2023-49082 (aiohttp is an asynchronous HTTP
client/server framework for asyn
NOTE:
https://github.com/aio-libs/aiohttp/commit/4075c653fb67a29740bf9ac050bb02d10a57343a
(v3.9.0b1)
CVE-2023-49081 (aiohttp is an asynchronous HTTP client/server framework for
asyncio an ...)
- python-aiohttp 3.9.1-1 (bug #1057163)
- [bookworm] - python-aiohttp <no-dsa> (Minor issue)
[bullseye] - python-aiohttp <no-dsa> (Minor issue)
[buster] - python-aiohttp <postponed> (Minor issue, limited request
smuggling)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2
@@ -103012,7 +103009,6 @@ CVE-2023-47630 (Kyverno is a policy engine designed
for Kubernetes. An issue was
NOT-FOR-US: Kyverno
CVE-2023-47627 (aiohttp is an asynchronous HTTP client/server framework for
asyncio an ...)
- python-aiohttp 3.8.6-1
- [bookworm] - python-aiohttp <no-dsa> (Minor issue)
[bullseye] - python-aiohttp <no-dsa> (Minor issue)
[buster] - python-aiohttp <no-dsa> (Minor issue)
NOTE:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Dec 2024] DSA-5828-1 python-aiohttp - security update
+ {CVE-2023-47627 CVE-2023-49081 CVE-2023-49082 CVE-2024-23334
CVE-2024-30251 CVE-2024-52304}
+ [bookworm] - python-aiohttp 3.8.4-1+deb12u1
[10 Dec 2024] DSA-5827-1 proftpd-dfsg - security update
{CVE-2024-48651}
[bookworm] - proftpd-dfsg 1.3.8+dfsg-4+deb12u4
=====================================
data/dsa-needed.txt
=====================================
@@ -37,8 +37,6 @@ opennds
--
php-laravel-framework
--
-python-aiohttp (jmm)
---
python-django
Chris is working on it
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fff1f8903c68cb683ea174db6b24d55b6393949
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fff1f8903c68cb683ea174db6b24d55b6393949
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
