Security update for python-waitress
This update for python-waitress to 1.4.3 fixes the following security issues:
- CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088).
- CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089).
- CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790).
- CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Tim Serong (tserong)
Fixed bugs
bnc#1160790
VUL-0: CVE-2019-16789: python-waitress: HTTP Request Smuggling through Invalid whitespace characters
bnc#1161088
VUL-0: CVE-2019-16785: python-waitress: HTTP request smuggling through LF vs CRLF handling
bnc#1161089
VUL-0: CVE-2019-16786: python-waitress: HTTP request smuggling through invalid Transfer-Encoding
bnc#1161670
VUL-0: CVE-2019-16792: python-waitress: request smuggling possible by sending the Content-Length header twice
