python-aiohttp (3.9.5-1)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/python-team/packages/python-aiohttp.git
-
- Branch: master
- Path: debian/changelog
- Repo size: 823296
- Browser: https://salsa.debian.org/python-team/packages/python-aiohttp
- Last scan: 2024-07-21 04:27:02+00
- Next scan: 2024-07-28 23:31:00+00
- CI pipeline status: success
- Debian changelog in Git:
python-aiohttp (3.9.5-1) unstable; urgency=medium
* Team upload.
* Use pybuild-plugin-pyproject.
* New upstream release:
- CVE-2024-23829: Python HTTP parser still overly lenient about
separators (closes: #1062708).
- CVE-2024-23334: aiohttp.web.static(follow_symlinks=True) is vulnerable
to directory traversal (closes: #1062709).
- CVE-2024-30251: DoS when trying to parse malformed POST requests
(closes: #1070364).
- CVE-2024-27306: XSS on index pages for static file handling (closes:
#1070665).
* Standards-Version: 3.7.0 (no changes required).
-- Colin Watson <cjwatson@debian.org> Sun, 16 Jun 2024 12:39:52 +0100
- This branch is even with tag debian/3.9.5-1