FEDORA-EPEL-2023-4b1b8b8b25
Packages in this update:
llhttp-9.1.3-1.el9
python-aiohttp-3.9.1-1.el9
Update description:
Security fix for CVE-2023-47627, CVE-2023-49081, CVE-2023-49082.
https://pagure.io/epel/issue/262
python-aiohttp 3.9.1 (2023-11-26)
https://github.com/aio-libs/aiohttp/blob/v3.9.1/CHANGES.rst#391-2023-11-26
python-aiohttp 3.9.0 (2023-11-17)
https://github.com/aio-libs/aiohttp/blob/v3.9.1/CHANGES.rst#390-2023-11-18
python-aiohttp 3.8.6 (2023-10-07)
https://github.com/aio-libs/aiohttp/blob/v3.9.1/CHANGES.rst#386-2023-10-07
llhttp 9.1.3
Fixes
Restart the parser on HTTP 100
Fix chunk extensions quoted-string value parsing
Fix lenient_flags truncated on reset
Fix chunk extensions’ parameters parsing when more then one name-value pair provided
llhttp 9.1.2
What’s Changed
Fix HTTP 1xx handling
llhttp 9.1.1
What’s Changed
feat: Expose new lenient methods
llhttp 9.1.0
What’s Changed
New lenient flag to make CR completely optional
New lenient flag to have spaces after chunk header
