• [SECURITY] [DSA 5828-1] python-aiohttp security update

    From Moritz Muehlenhoff@21:1/5 to All on Wed Dec 11 20:30:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5828-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 11, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : python-aiohttp
    CVE ID : CVE-2023-47627 CVE-2023-49081 CVE-2023-49082
    CVE-2024-23334 CVE-2024-30251 CVE-2024-52304

    Multiple security vulnerabilities were discovered in python-aiohttp,
    a HTTP client/server for asyncio, which could result in denial of
    service, directory traversal, CRLF injection or request smuggling.

    For the stable distribution (bookworm), these problems have been fixed in version 3.8.4-1+deb12u1.

    We recommend that you upgrade your python-aiohttp packages.

    For the detailed security status of python-aiohttp please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/python-aiohttp

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmdZ5k0ACgkQEMKTtsN8 TjaBmRAArjJQNCwlM7QuWJBb0eK3A5E7HnrWGO1t/BY7t2flyGZ6RuI3VQNMLlZA qNxJ4u1ghNUirIANatURkIlMpdY3tcXrE8LNfM2e9tLsynztZzPHo5re8qtzyDf5 RZulWcd5OAnorVMQ1Qyvrds+eHWVylc59fdh8RuI1N884/N4/XbhwGjLM3/65yL9 7qZnIv8KN4AqBAz7+FVy7rrNQE8VmH6+TcURnydD+D5vqG6DmQq0bGFTbHCukVI5 l4z+LMO6lQtFO5XQ57OWFsvjpBtDud2PT7pM+tSliukmvSsng7FxCy6p2P1ukmaH n522DyeOdnCIP47jRnioCBFVUb6fEr27MIJlBPWehP1MCc1j8MhEj5x9gcI5i5ri Bx/pZ7F5UL+3ZXOub/9qcKzVdoAJD+9DKgTtj9plciHIFmVM5iD6hYfncJfSTbaa CAw/WyKXvPRcNTnBxGjl15sLFySx5mA9o5g8kiUBBRX5E/5Ojj/SrMrsYKPDWski BN9Q1tXVk4hNoecfdiL9lVz5TyRMYPU2x8ARpmZr+OSHDD1tUdkYFVlkYXmN7tBv 13sDfZEpgp7Ue5Ox864RtkMCMWN32Vs2KtDua2WAcK748Y7nviAMzki6xgmnttZS ri1YzQmmyLivNWwA5drUpJa799DnEGepu29vWdN4mb+lehm06mo=
    =1fM7
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)