Read Time:35 Second

FEDORA-EPEL-2024-bc19d8cc99

Packages in this update:

python-aiohttp-3.7.4-7.el8

Update description:

Security fix for CVE-2024-52304

Update License field to SPDX.

Build and install the C extensions. Based on the history of security fixes in
later releases, this may close some vulnerabilities and possibly open others,
as both the C and Python HTTP parsing implementations have had their own
distinct issues.

While this backports the fix for CVE-2024-52304, and the fix for CVE-2024-23334
was backported in a previous update, it is very likely that other unmitigated
issues exist in this old release. Unfortunately, updating to a later version in
EPEL8 is impractical at best.

Read More