it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5828-1] python-aiohttp security update
- Date: Wed, 11 Dec 2024 19:24:14 +0000
- Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/Z1nm3m7uEb/CZ/1t AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=BCo0/g3S4bCEGy1f2WP/ST3/H6JOvqK0Ivtk5LKMOIo=; b=DW EKHCyeiGxatJN3mlGHVrrnLPLxS67oS01uQsAfGNTGbee+o5Ga3864Q1m1H+KDPOy/jQxETetzMQu lrc2WVf6QP1TR+DofYCJ4zCZXhL66zK8GhPEPD4KD4HZQ95jcS5uOrBwY0pazgHwiHFynccKCP2tM tHiprDyuun2QyNuJ7Yn276xBoXX52QsyiZzxcVxjo6RBy9Wwl7ECuO9/aTNF+OymlsnaKTaV31D6y kh62ojI/dUETTqmaCxxfu8Nf7meyEBkX98o6HLcnTnjfw6B3EC69Ev12yHD8vmJT3c4rJvjdsaeHk BG06FO3y3Pul18+I42XpAKbliyukdrFw==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Wed, 11 Dec 2024 19:24:38 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <h4JMu7cajJE.A.VmfP.2beWnB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5828-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 11, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : python-aiohttp
CVE ID : CVE-2023-47627 CVE-2023-49081 CVE-2023-49082
CVE-2024-23334 CVE-2024-30251 CVE-2024-52304
Multiple security vulnerabilities were discovered in python-aiohttp,
a HTTP client/server for asyncio, which could result in denial of
service, directory traversal, CRLF injection or request smuggling.
For the stable distribution (bookworm), these problems have been fixed in
version 3.8.4-1+deb12u1.
We recommend that you upgrade your python-aiohttp packages.
For the detailed security status of python-aiohttp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-aiohttp
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmdZ5k0ACgkQEMKTtsN8
TjaBmRAArjJQNCwlM7QuWJBb0eK3A5E7HnrWGO1t/BY7t2flyGZ6RuI3VQNMLlZA
qNxJ4u1ghNUirIANatURkIlMpdY3tcXrE8LNfM2e9tLsynztZzPHo5re8qtzyDf5
RZulWcd5OAnorVMQ1Qyvrds+eHWVylc59fdh8RuI1N884/N4/XbhwGjLM3/65yL9
7qZnIv8KN4AqBAz7+FVy7rrNQE8VmH6+TcURnydD+D5vqG6DmQq0bGFTbHCukVI5
l4z+LMO6lQtFO5XQ57OWFsvjpBtDud2PT7pM+tSliukmvSsng7FxCy6p2P1ukmaH
n522DyeOdnCIP47jRnioCBFVUb6fEr27MIJlBPWehP1MCc1j8MhEj5x9gcI5i5ri
Bx/pZ7F5UL+3ZXOub/9qcKzVdoAJD+9DKgTtj9plciHIFmVM5iD6hYfncJfSTbaa
CAw/WyKXvPRcNTnBxGjl15sLFySx5mA9o5g8kiUBBRX5E/5Ojj/SrMrsYKPDWski
BN9Q1tXVk4hNoecfdiL9lVz5TyRMYPU2x8ARpmZr+OSHDD1tUdkYFVlkYXmN7tBv
13sDfZEpgp7Ue5Ox864RtkMCMWN32Vs2KtDua2WAcK748Y7nviAMzki6xgmnttZS
ri1YzQmmyLivNWwA5drUpJa799DnEGepu29vWdN4mb+lehm06mo=
=1fM7
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5828-1] python-aiohttp security update, Moritz Muehlenhoff, 11.12.2024
Archiv bereitgestellt durch MHonArc 2.6.19+.