Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-3269


Security update for python-waitress


Type: security
Severity: moderate
Issued: 2020-11-10
Description:
This update for python-waitress to 1.4.3 fixes the following security issues:

- CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088).
- CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089).
- CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790).
- CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670).


              

Packages


  • python-waitress-1.4.3-3.3.1