Debian Package Tracker
Register | Log in
Subscribe

python-uvicorn

Choose email to subscribe with

general
  • source: python-uvicorn (main)
  • version: 0.17.6-1
  • maintainer: Debian Python Team (DMD)
  • uploaders: Michael Fladischer [DMD]
  • arch: all
  • std-ver: 4.6.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • oldstable: 0.3.24-1
  • stable: 0.13.3-1
  • testing: 0.17.6-1
  • unstable: 0.17.6-1
versioned links
  • 0.3.24-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.13.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 0.17.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • python-uvicorn-doc
  • python3-uvicorn
  • uvicorn
action needed
lintian reports 2 warnings high
Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2021-01-27 Last update: 2021-11-05 04:34
Fails to build during reproducibility testing normal
A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!
Created: 2022-04-06 Last update: 2022-05-27 19:34
1 new commit since last upload, is it time to release? normal
vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:
commit d93e1cadad36c58d39d27cc8451258f369ac272b
Author: Andreas Tille <tille@debian.org>
Date:   Mon Apr 4 17:42:03 2022 +0200

    Forwarded patch
Created: 2022-04-04 Last update: 2022-05-25 00:41
2 low-priority security issues in buster low

There are 2 open security issues in buster.

2 issues left for the package maintainer to handle:
  • CVE-2020-7694: (needs triaging) This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file).
  • CVE-2020-7695: (needs triaging) Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2022-04-06 07:05
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).
Created: 2022-05-11 Last update: 2022-05-11 23:24
news
[rss feed]
  • [2022-04-06] python-uvicorn 0.17.6-1 MIGRATED to testing (Debian testing watch)
  • [2022-04-04] Accepted python-uvicorn 0.17.6-1 (source) into unstable (Andreas Tille)
  • [2021-12-03] python-uvicorn 0.15.0-2 MIGRATED to testing (Debian testing watch)
  • [2021-12-01] Accepted python-uvicorn 0.15.0-2 (source) into unstable (Sandro Tosi)
  • [2021-11-30] python-uvicorn 0.15.0-1 MIGRATED to testing (Debian testing watch)
  • [2021-11-30] python-uvicorn 0.15.0-1 MIGRATED to testing (Debian testing watch)
  • [2021-11-25] Accepted python-uvicorn 0.15.0-1 (source) into unstable (Sandro Tosi)
  • [2021-01-14] python-uvicorn 0.13.3-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-09] Accepted python-uvicorn 0.13.3-1 (source) into unstable (Sandro Tosi)
  • [2020-11-10] python-uvicorn 0.11.5-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-16] python-uvicorn REMOVED from testing (Debian testing watch)
  • [2020-07-16] Accepted python-uvicorn 0.11.5-1 (source) into unstable (Michael Fladischer)
  • [2020-06-26] python-uvicorn 0.11.3-1 MIGRATED to testing (Debian testing watch)
  • [2020-04-23] python-uvicorn REMOVED from testing (Debian testing watch)
  • [2020-03-07] python-uvicorn 0.11.3-1 MIGRATED to testing (Debian testing watch)
  • [2020-02-25] Accepted python-uvicorn 0.11.3-1 (source) into unstable (Michael Fladischer)
  • [2020-02-02] python-uvicorn 0.11.2-1 MIGRATED to testing (Debian testing watch)
  • [2020-01-23] Accepted python-uvicorn 0.11.2-1 (source) into unstable (Michael Fladischer)
  • [2020-01-10] python-uvicorn 0.11.1-1 MIGRATED to testing (Debian testing watch)
  • [2019-12-28] Accepted python-uvicorn 0.11.1-1 (source) into unstable (Michael Fladischer)
  • [2019-01-17] python-uvicorn 0.3.24-1 MIGRATED to testing (Debian testing watch)
  • [2019-01-06] Accepted python-uvicorn 0.3.24-1 (source all) into unstable (Michael Fladischer)
  • [2019-01-05] python-uvicorn 0.3.23-1 MIGRATED to testing (Debian testing watch)
  • [2018-12-24] python-uvicorn REMOVED from testing (Debian testing watch)
  • [2018-12-23] Accepted python-uvicorn 0.3.23-1 (source all) into unstable (Michael Fladischer)
  • [2018-12-22] Accepted python-uvicorn 0.3.22-2 (source) into unstable (Dmitry Shachnev)
  • [2018-12-18] Accepted python-uvicorn 0.3.22-1 (source all) into unstable (Michael Fladischer)
  • [2018-11-29] python-uvicorn 0.3.21-1 MIGRATED to testing (Debian testing watch)
  • [2018-11-23] python-uvicorn 0.3.20-1 MIGRATED to testing (Debian testing watch)
  • [2018-11-22] Accepted python-uvicorn 0.3.21-1 (source all) into unstable (Michael Fladischer)
  • 1
  • 2
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian (0, 2)
  • buildd: logs, clang, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 0.15.0-2ubuntu1
  • patches for 0.15.0-2ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing