Debian Package Tracker

python-uvicorn


general
  • source: python-uvicorn (main)
  • version: 0.13.3-1
  • maintainer: Debian Python Team (DMD)
  • uploaders: Michael Fladischer [DMD]
  • arch: all
  • std-ver: 4.5.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • stable: 0.3.24-1
  • testing: 0.13.3-1
  • unstable: 0.13.3-1
versioned links
  • 0.3.24-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.13.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • python-uvicorn-doc
  • python3-uvicorn
  • uvicorn
action needed
Marked for autoremoval on 21 May due to yarl: #986525 high
Version 0.13.3-1 of python-uvicorn is marked for autoremoval from testing on Fri 21 May 2021. It depends (transitively) on yarl, affected by #986525. You should try to prevent the removal by fixing these RC bugs.
Created: 2021-04-14 Last update: 2021-04-17 03:04
Problems while searching for a new upstream version high
uscan had problems while searching for a new upstream version:
In debian/watch no matching files for watch line
  https://github.com/encode/uvicorn/releases /encode/uvicorn/archive/([\d\.]+)\.tar\.gz
Created: 2021-03-22 Last update: 2021-04-16 21:32
lintian reports 1 error and 2 warnings high
Lintian reports 1 error and 2 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2021-01-27 Last update: 2021-01-27 03:04
2 low-priority security issues in buster low

There are 2 open security issues in buster.

2 issues left for the package maintainer to handle:
  • CVE-2020-7694: (needs triaging) This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ANSI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can:
      • Pollute uvicorn's access logs, therefore jeopardising the integrity of such files.
      • Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file).
  • CVE-2020-7695: (needs triaging) Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-03-21 19:04
news
[rss feed]
  • [2021-01-14] python-uvicorn 0.13.3-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-09] Accepted python-uvicorn 0.13.3-1 (source) into unstable (Sandro Tosi)
  • [2020-11-10] python-uvicorn 0.11.5-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-16] python-uvicorn REMOVED from testing (Debian testing watch)
  • [2020-07-16] Accepted python-uvicorn 0.11.5-1 (source) into unstable (Michael Fladischer)
  • [2020-06-26] python-uvicorn 0.11.3-1 MIGRATED to testing (Debian testing watch)
  • [2020-04-23] python-uvicorn REMOVED from testing (Debian testing watch)
  • [2020-03-07] python-uvicorn 0.11.3-1 MIGRATED to testing (Debian testing watch)
  • [2020-02-25] Accepted python-uvicorn 0.11.3-1 (source) into unstable (Michael Fladischer)
  • [2020-02-02] python-uvicorn 0.11.2-1 MIGRATED to testing (Debian testing watch)
  • [2020-01-23] Accepted python-uvicorn 0.11.2-1 (source) into unstable (Michael Fladischer)
  • [2020-01-10] python-uvicorn 0.11.1-1 MIGRATED to testing (Debian testing watch)
  • [2019-12-28] Accepted python-uvicorn 0.11.1-1 (source) into unstable (Michael Fladischer)
  • [2019-01-17] python-uvicorn 0.3.24-1 MIGRATED to testing (Debian testing watch)
  • [2019-01-06] Accepted python-uvicorn 0.3.24-1 (source all) into unstable (Michael Fladischer)
  • [2019-01-05] python-uvicorn 0.3.23-1 MIGRATED to testing (Debian testing watch)
  • [2018-12-24] python-uvicorn REMOVED from testing (Debian testing watch)
  • [2018-12-23] Accepted python-uvicorn 0.3.23-1 (source all) into unstable (Michael Fladischer)
  • [2018-12-22] Accepted python-uvicorn 0.3.22-2 (source) into unstable (Dmitry Shachnev)
  • [2018-12-18] Accepted python-uvicorn 0.3.22-1 (source all) into unstable (Michael Fladischer)
  • [2018-11-29] python-uvicorn 0.3.21-1 MIGRATED to testing (Debian testing watch)
  • [2018-11-23] python-uvicorn 0.3.20-1 MIGRATED to testing (Debian testing watch)
  • [2018-11-22] Accepted python-uvicorn 0.3.21-1 (source all) into unstable (Michael Fladischer)
  • [2018-11-14] Accepted python-uvicorn 0.3.20-1 (source all) into unstable (Michael Fladischer)
  • [2018-11-09] Accepted python-uvicorn 0.3.14-1 (source all) into unstable, unstable (Michael Fladischer)
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian (1, 2)
  • buildd: logs, clang, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 0.13.3-1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers