FEDORA-2023-f2bb9ee617
Packages in this update:
llhttp-9.1.3-1.fc40
python-aiohttp-3.8.6-1.fc40
Update description:
python-aiohttp 3.8.6 (2023-10-07)
https://github.com/aio-libs/aiohttp/blob/v3.8.6/CHANGES.rst#386-2023-10-07
Security bugfixes
Upgraded llhttp to v9.1.3: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9
Updated Python parser to comply with RFCs 9110/9112: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
Deprecation
Added fallback_charset_resolver parameter in ClientSession to allow a user-supplied character set detection function. Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use fallback_charset_resolver.
Features
Enabled lenient response parsing for more flexible parsing in the client (this should resolve some regressions when dealing with badly formatted HTTP responses).
Bugfixes
Fixed PermissionError when .netrc is unreadable due to permissions.
Fixed output of parsing errors pointing to a n.
Fixed GunicornWebWorker max_requests_jitter not working.
Fixed sorting in filter_cookies to use cookie with longest path.
Fixed display of BadStatusLine messages from llhttp.
llhttp 9.1.3
Fixes
Restart the parser on HTTP 100
Fix chunk extensions quoted-string value parsing
Fix lenient_flags truncated on reset
Fix chunk extensions’ parameters parsing when more then one name-value pair provided
llhttp 9.1.2
What’s Changed
Fix HTTP 1xx handling
llhttp 9.1.1
What’s Changed
feat: Expose new lenient methods
llhttp 9.1.0
What’s Changed
New lenient flag to make CR completely optional
New lenient flag to have spaces after chunk header
More Stories
USN-7015-1: Python vulnerabilities
It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could...
USN-7014-1: nginx vulnerability
It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive...
USN-7013-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this...
USN-7012-1: curl vulnerability
Hiroki Kurosawa discovered that curl incorrectly handled certain OCSP responses. This could result in bad certificates not being checked properly,...
USN-7011-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause...
USN-6560-3: OpenSSH vulnerability
USN-6560-2 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: It...