Format: 1.8
Date: Tue, 10 May 2022 17:14:39 -0400
Source: waitress
Architecture: source
Version: 1.4.4-1.1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Stefano Rivera <stefanor@debian.org>
Closes: 1008013
Changes:
 waitress (1.4.4-1.1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Security update, resolving a request smuggling vulnerability:
     When using previous Waitress versions behind a proxy that does not
     properly validate the incoming HTTP request matches the RFC7230
     standard, Waitress and the frontend proxy may disagree on where one
     request starts and where it ends. This would allow requests to be
     smuggled via the front-end proxy to waitress and later behavior.
     CVE-2022-24761 (Closes: #1008013)