Overview

File _patchinfo of Package patchinfo.42491

<patchinfo incident="42491">
  <issue tracker="cve" id="2025-69223"/>
  <issue tracker="cve" id="2025-69228"/>
  <issue tracker="cve" id="2025-69224"/>
  <issue tracker="cve" id="2025-69227"/>
  <issue tracker="cve" id="2025-69226"/>
  <issue tracker="cve" id="2025-69229"/>
  <issue tracker="cve" id="2025-69225"/>
  <issue tracker="bnc" id="1256022">VUL-0: CVE-2025-69228: python-aiohttp: Denial of service through large payloads</issue>
  <issue tracker="bnc" id="1256019">VUL-0: CVE-2025-69225: python-aiohttp: Unicode match groups in regexes for ASCII protocol elements</issue>
  <issue tracker="bnc" id="1256018">VUL-0: CVE-2025-69224: python-aiohttp: Unicode processing of header values could cause parsing discrepancies</issue>
  <issue tracker="bnc" id="1256017">VUL-0: CVE-2025-69223: python-aiohttp: aiohttp HTTP Parser auto_decompress feature susceptible to zip bomb</issue>
  <issue tracker="bnc" id="1256021">VUL-0: CVE-2025-69227: python-aiohttp: DoS when bypassing asserts</issue>
  <issue tracker="bnc" id="1256020">VUL-0: CVE-2025-69226: python-aiohttp: Brute-force leak of internal static file path components</issue>
  <issue tracker="bnc" id="1256023">VUL-0: CVE-2025-69229: python-aiohttp: DoS through chunked messages</issue>
  <packager>StevenK</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for python-aiohttp</summary>
  <description>This update for python-aiohttp fixes the following issues:

- CVE-2025-69228: Fixed denial of service through large payloads (bsc#1256022).
- CVE-2025-69226: Fixed brute-force leak of internal static file path components (bsc#1256020).
- CVE-2025-69224: Fixed unicode processing of header values could cause parsing discrepancies (bsc#1256018).
- CVE-2025-69223: Fixed aiohttp HTTP Parser auto_decompress feature susceptible to zip bomb (bsc#1256017).
- CVE-2025-69227: Fixed DoS when bypassing asserts (bsc#1256021).
- CVE-2025-69225: Fixed unicode match groups in regexes for ASCII protocol elements (bsc#1256019).
- CVE-2025-69229: Fixed DoS through chunked messages (bsc#1256023).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places