stable

python-aiohttp-3.9.1-1.fc40, python-pysqueezebox-0.5.5-11.fc40, & 1 more

FEDORA-2023-d5bd6b62e4 created by music 10 months ago for Fedora 40

Security fix for CVE-2023-49081, CVE-2023-49082.

Update python-aiohttp to 3.9.1.

Patch python-pysqeezebox and python-wled so they do not have an implicit dependency on python-async-timeout via python-aiohttp.

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0

https://github.com/aio-libs/aiohttp/releases/tag/v3.9.1

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-d5bd6b62e4

This update's test gating status has been changed to 'waiting'.

10 months ago

This update's test gating status has been changed to 'ignored'.

10 months ago

This update has been submitted for stable by bodhi

10 months ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
0 days
Dates
submitted
10 months ago
in testing
10 months ago
in stable
10 months ago
approved
10 months ago
BZ#2252235 CVE-2023-49081 aiohttp: HTTP request modification
0
0
BZ#2252236 TRIAGE CVE-2023-49081 python-aiohttp: aiohttp: HTTP request modification [fedora-all]
0
0
BZ#2252248 CVE-2023-49082 aiohttp: CRLF injection if user controls the HTTP method using aiohttp client
0
0
BZ#2252249 TRIAGE CVE-2023-49082 python-aiohttp: aiohttp: CRLF injection if user controls the HTTP method using aiohttp client [fedora-all]
0
0

Automated Test Results