stable

llhttp-9.1.3-1.fc39, python-aiohttp-3.8.6-1.fc39, & 1 more

FEDORA-2023-5130a73b00 created by music a year ago for Fedora 39

Security fix for CVE-2023-47627

https://pagure.io/fesco/issue/3106

python-aiohttp 3.8.6 (2023-10-07)

https://github.com/aio-libs/aiohttp/blob/v3.8.6/CHANGES.rst#386-2023-10-07

Security bugfixes

Deprecation

  • Added fallback_charset_resolver parameter in ClientSession to allow a user-supplied character set detection function. Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use fallback_charset_resolver.

Features

  • Enabled lenient response parsing for more flexible parsing in the client (this should resolve some regressions when dealing with badly formatted HTTP responses).

Bugfixes

  • Fixed PermissionError when .netrc is unreadable due to permissions.
  • Fixed output of parsing errors pointing to a \n.
  • Fixed GunicornWebWorker max_requests_jitter not working.
  • Fixed sorting in filter_cookies to use cookie with longest path.
  • Fixed display of BadStatusLine messages from llhttp.

llhttp 9.1.3

Fixes

  • Restart the parser on HTTP 100
  • Fix chunk extensions quoted-string value parsing
  • Fix lenient_flags truncated on reset
  • Fix chunk extensions’ parameters parsing when more then one name-value pair provided

llhttp 9.1.2

What's Changed

  • Fix HTTP 1xx handling

llhttp 9.1.1

What's Changed

  • feat: Expose new lenient methods

llhttp 9.1.0

What's Changed

  • New lenient flag to make CR completely optional
  • New lenient flag to have spaces after chunk header

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-5130a73b00

This update's test gating status has been changed to 'waiting'.

a year ago

This update has been submitted for testing by bodhi.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago
User Icon filiperosset commented & provided feedback a year ago
karma

no regressions noted

User Icon frantisekz provided feedback a year ago
karma

This update can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
approved
a year ago
BZ#2228290 llhttp-9.0.1 is available
0
0
BZ#2238879 llhttp-9.1.2 is available
0
0
BZ#2242220 llhttp-9.1.3 is available
0
0
BZ#2249825 CVE-2023-47627 python-aiohttp: numerous issues in HTTP parser with header parsing
0
0
BZ#2250615 CVE-2023-47627 python-aiohttp: numerous issues in HTTP parser with header parsing [fedora-all]
0
0

Automated Test Results