python-uvicorn - Debian Package Tracker

general

source: python-uvicorn (main)
version: 0.17.6-1
maintainer: Debian Python Team (DMD)
uploaders: Michael Fladischer [DMD]
arch: all
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.3.24-1
stable: 0.13.3-1
testing: 0.17.6-1
unstable: 0.17.6-1

versioned links

0.3.24-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.13.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.17.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python-uvicorn-doc
python3-uvicorn
uvicorn

action needed

lintian reports 2 warnings high

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-11-05 04:34

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2022-04-06 Last update: 2022-05-27 19:34

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit d93e1cadad36c58d39d27cc8451258f369ac272b
Author: Andreas Tille <tille@debian.org>
Date:   Mon Apr 4 17:42:03 2022 +0200

    Forwarded patch

Created: 2022-04-04 Last update: 2022-05-25 00:41

2 low-priority security issues in buster low

There are 2 open security issues in buster.

2 issues left for the package maintainer to handle:

CVE-2020-7694: (needs triaging) This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file).
CVE-2020-7695: (needs triaging) Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2022-04-06 07:05

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-05-11 23:24

news

[rss feed]

[2022-04-06] python-uvicorn 0.17.6-1 MIGRATED to testing (Debian testing watch)
[2022-04-04] Accepted python-uvicorn 0.17.6-1 (source) into unstable (Andreas Tille)
[2021-12-03] python-uvicorn 0.15.0-2 MIGRATED to testing (Debian testing watch)
[2021-12-01] Accepted python-uvicorn 0.15.0-2 (source) into unstable (Sandro Tosi)
[2021-11-30] python-uvicorn 0.15.0-1 MIGRATED to testing (Debian testing watch)
[2021-11-30] python-uvicorn 0.15.0-1 MIGRATED to testing (Debian testing watch)
[2021-11-25] Accepted python-uvicorn 0.15.0-1 (source) into unstable (Sandro Tosi)
[2021-01-14] python-uvicorn 0.13.3-1 MIGRATED to testing (Debian testing watch)
[2021-01-09] Accepted python-uvicorn 0.13.3-1 (source) into unstable (Sandro Tosi)
[2020-11-10] python-uvicorn 0.11.5-1 MIGRATED to testing (Debian testing watch)
[2020-10-16] python-uvicorn REMOVED from testing (Debian testing watch)
[2020-07-16] Accepted python-uvicorn 0.11.5-1 (source) into unstable (Michael Fladischer)
[2020-06-26] python-uvicorn 0.11.3-1 MIGRATED to testing (Debian testing watch)
[2020-04-23] python-uvicorn REMOVED from testing (Debian testing watch)
[2020-03-07] python-uvicorn 0.11.3-1 MIGRATED to testing (Debian testing watch)
[2020-02-25] Accepted python-uvicorn 0.11.3-1 (source) into unstable (Michael Fladischer)
[2020-02-02] python-uvicorn 0.11.2-1 MIGRATED to testing (Debian testing watch)
[2020-01-23] Accepted python-uvicorn 0.11.2-1 (source) into unstable (Michael Fladischer)
[2020-01-10] python-uvicorn 0.11.1-1 MIGRATED to testing (Debian testing watch)
[2019-12-28] Accepted python-uvicorn 0.11.1-1 (source) into unstable (Michael Fladischer)
[2019-01-17] python-uvicorn 0.3.24-1 MIGRATED to testing (Debian testing watch)
[2019-01-06] Accepted python-uvicorn 0.3.24-1 (source all) into unstable (Michael Fladischer)
[2019-01-05] python-uvicorn 0.3.23-1 MIGRATED to testing (Debian testing watch)
[2018-12-24] python-uvicorn REMOVED from testing (Debian testing watch)
[2018-12-23] Accepted python-uvicorn 0.3.23-1 (source all) into unstable (Michael Fladischer)
[2018-12-22] Accepted python-uvicorn 0.3.22-2 (source) into unstable (Dmitry Shachnev)
[2018-12-18] Accepted python-uvicorn 0.3.22-1 (source all) into unstable (Michael Fladischer)
[2018-11-29] python-uvicorn 0.3.21-1 MIGRATED to testing (Debian testing watch)
[2018-11-23] python-uvicorn 0.3.20-1 MIGRATED to testing (Debian testing watch)
[2018-11-22] Accepted python-uvicorn 0.3.21-1 (source all) into unstable (Michael Fladischer)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 2)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.15.0-2ubuntu1
patches for 0.15.0-2ubuntu1