Format: 1.8
Date: Sun, 16 Jun 2024 12:39:52 +0100
Source: python-aiohttp
Architecture: source
Version: 3.9.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1062708 1062709 1070364 1070665
Changes:
 python-aiohttp (3.9.5-1) unstable; urgency=medium
 .
   * Team upload.
   * Use pybuild-plugin-pyproject.
   * New upstream release:
     - CVE-2024-23829: Python HTTP parser still overly lenient about
       separators (closes: #1062708).
     - CVE-2024-23334: aiohttp.web.static(follow_symlinks=True) is
       vulnerable to directory traversal (closes: #1062709).
     - CVE-2024-30251: DoS when trying to parse malformed POST requests
       (closes: #1070364).
     - CVE-2024-27306: XSS on index pages for static file handling
       (closes: #1070665).
   * Standards-Version: 3.7.0 (no changes required).