[SECURITY] [DSA 5828-1] python-aiohttp security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5828-1] python-aiohttp security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 11 Dec 2024 19:24:14 +0000
Message-id: <Z1nm3m7uEb/CZ/1t@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5828-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 11, 2024                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-aiohttp
CVE ID         : CVE-2023-47627 CVE-2023-49081 CVE-2023-49082
                 CVE-2024-23334 CVE-2024-30251 CVE-2024-52304

Multiple security vulnerabilities were discovered in python-aiohttp,
a HTTP client/server for asyncio, which could result in denial of
service, directory traversal, CRLF injection or request smuggling.

For the stable distribution (bookworm), these problems have been fixed in
version 3.8.4-1+deb12u1.

We recommend that you upgrade your python-aiohttp packages.

For the detailed security status of python-aiohttp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-aiohttp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmdZ5k0ACgkQEMKTtsN8
TjaBmRAArjJQNCwlM7QuWJBb0eK3A5E7HnrWGO1t/BY7t2flyGZ6RuI3VQNMLlZA
qNxJ4u1ghNUirIANatURkIlMpdY3tcXrE8LNfM2e9tLsynztZzPHo5re8qtzyDf5
RZulWcd5OAnorVMQ1Qyvrds+eHWVylc59fdh8RuI1N884/N4/XbhwGjLM3/65yL9
7qZnIv8KN4AqBAz7+FVy7rrNQE8VmH6+TcURnydD+D5vqG6DmQq0bGFTbHCukVI5
l4z+LMO6lQtFO5XQ57OWFsvjpBtDud2PT7pM+tSliukmvSsng7FxCy6p2P1ukmaH
n522DyeOdnCIP47jRnioCBFVUb6fEr27MIJlBPWehP1MCc1j8MhEj5x9gcI5i5ri
Bx/pZ7F5UL+3ZXOub/9qcKzVdoAJD+9DKgTtj9plciHIFmVM5iD6hYfncJfSTbaa
CAw/WyKXvPRcNTnBxGjl15sLFySx5mA9o5g8kiUBBRX5E/5Ojj/SrMrsYKPDWski
BN9Q1tXVk4hNoecfdiL9lVz5TyRMYPU2x8ARpmZr+OSHDD1tUdkYFVlkYXmN7tBv
13sDfZEpgp7Ue5Ox864RtkMCMWN32Vs2KtDua2WAcK748Y7nviAMzki6xgmnttZS
ri1YzQmmyLivNWwA5drUpJa799DnEGepu29vWdN4mb+lehm06mo=
=1fM7
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5827-1] proftpd-dfsg security update
Next by Date: [SECURITY] [DSA 5829-1] chromium security update
Previous by thread: [SECURITY] [DSA 5827-1] proftpd-dfsg security update
Next by thread: [SECURITY] [DSA 5829-1] chromium security update
Index(es):
- Date
- Thread