FEDORA-2023-bc1f081ca0
Packages in this update:
llhttp-9.1.3-1.fc38
python-aiohttp-3.8.6-1.fc38
uxplay-1.66-2.fc38
Update description:
Security fix for CVE-2023-47627
https://pagure.io/fesco/issue/3106
python-aiohttp 3.8.6 (2023-10-07)
https://github.com/aio-libs/aiohttp/blob/v3.8.6/CHANGES.rst#386-2023-10-07
Security bugfixes
Upgraded llhttp to v9.1.3: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9
Updated Python parser to comply with RFCs 9110/9112: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
Deprecation
Added fallback_charset_resolver parameter in ClientSession to allow a user-supplied character set detection function. Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use fallback_charset_resolver.
Features
Enabled lenient response parsing for more flexible parsing in the client (this should resolve some regressions when dealing with badly formatted HTTP responses).
Bugfixes
Fixed PermissionError when .netrc is unreadable due to permissions.
Fixed output of parsing errors pointing to a n.
Fixed GunicornWebWorker max_requests_jitter not working.
Fixed sorting in filter_cookies to use cookie with longest path.
Fixed display of BadStatusLine messages from llhttp.
llhttp 9.1.3
Fixes
Restart the parser on HTTP 100
Fix chunk extensions quoted-string value parsing
Fix lenient_flags truncated on reset
Fix chunk extensions’ parameters parsing when more then one name-value pair provided
llhttp 9.1.2
What’s Changed
Fix HTTP 1xx handling
llhttp 9.1.1
What’s Changed
feat: Expose new lenient methods
llhttp 9.1.0
What’s Changed
New lenient flag to make CR completely optional
New lenient flag to have spaces after chunk header
More Stories
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21 CyberDanube Security Research 20241219-0 ------------------------------------------------------------------------------- title| Authenticated Remote Code...
USN-7179-1: Linux kernel vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote...
USN-7173-2: Linux kernel vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to...
swiftlint-0.57.1-1.fc42
FEDORA-2024-87d30b4fbf Packages in this update: swiftlint-0.57.1-1.fc42 Update description: Automatic update for swiftlint-0.57.1-1.fc42. Changelog * Fri Dec 20 2024 Davide Cavalca...
USN-7166-3: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
USN-7159-4: Linux kernel (IoT) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...