-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 01 Jan 2020 14:04:40 +0100
Source: waitress
Architecture: source
Version: 1.4.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Closes: 947306 947433
Changes:
 waitress (1.4.1-1) unstable; urgency=medium
 .
   * New upstream release.
     - Closes: #947306:
       CVE-2019-16785: potential HTTP request smuggling/splitting due to
       differences in endline parsing.
       CVE-2019-16786: incorrect treatment of single requests as multiple
       requests in the case of HTTP pipelining due to the incorrect parsing
       of Transfer-Encoding ignoring all but the first comma-separated
       header value.
     - Closes: #947433:
       CVE-2019-16789: potential HTTP request splitting leading to potential
       cache poisoning or unexpected information disclosure due to incorrect
       parsing of special whitespace characters in the Transfer-Encoding
       header.
   * Refresh the documentation configuration patch.
   * Set Rules-Requires-Root: no
   * Bump Standards-Version to 4.4.1, no changes.
   * Replace dh_auto_install override with --shebang.
   * Update debian/copyright.
   * Use ${sphinxdoc:Built-Using}.