Overview

File _patchinfo of Package patchinfo.17022

<patchinfo incident="17022">
  <issue tracker="bnc" id="1160790">VUL-0: CVE-2019-16789: python-waitress: HTTP Request Smuggling through Invalid whitespace characters</issue>
  <issue tracker="bnc" id="1161088">VUL-0: CVE-2019-16785: python-waitress: HTTP request smuggling through LF vs CRLF handling</issue>
  <issue tracker="bnc" id="1161089">VUL-0: CVE-2019-16786: python-waitress: HTTP request smuggling through invalid Transfer-Encoding</issue>
  <issue tracker="bnc" id="1161670">VUL-0: CVE-2019-16792: python-waitress: request smuggling possible by sending the Content-Length header twice</issue>
  <issue tracker="cve" id="2019-16785"/>
  <issue tracker="cve" id="2019-16786"/>
  <issue tracker="cve" id="2019-16789"/>
  <issue tracker="cve" id="2019-16792"/>
  <packager>tserong</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python-waitress</summary>
  <description>This update for python-waitress to 1.4.3 fixes the following security issues:

- CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088).
- CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089).
- CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790).
- CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places