FEDORA-EPEL-2020-fa8a2e97c6 created by kevin 7 months ago for Fedora EPEL 7
stable

Update to 1.4.3 to fix a number of CVEs: CVE-2019-16786 CVE-2019-16785 CVE-2019-16789

Note: This is a large jump in versions for epel7, but as far as I can see there's no incompatible changes in the changelog.

Please test!

This update has been submitted for testing by kevin.

7 months ago

This update's test gating status has been changed to 'waiting'.

7 months ago

This update's test gating status has been changed to 'ignored'.

7 months ago

This update has been pushed to testing.

7 months ago

This update can be pushed to stable now if the maintainer wishes

6 months ago

This update's test gating status has been changed to 'greenwave_failed'.

5 months ago

This update's test gating status has been changed to 'ignored'.

5 months ago
User Icon pgreco commented & provided feedback 3 weeks ago

Doing some cleanup, can we release or drop this? Stable by time is disabled, but it has been waiting for over 6 months

This update has been submitted for stable by kevin.

3 weeks ago

This update has been pushed to stable.

3 weeks ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
7 months ago
in testing
7 months ago
in stable
3 weeks ago
BZ#1468175 Backport security fix from v1.0.0 to prevent header spoofing via underscore/dash conflation
0
0
BZ#1785591 python-waitress-1.4.3 is available
0
0
BZ#1789810 CVE-2019-16789 python-waitress: waitress: HTTP Request Smuggling through Invalid whitespace characters in headers [epel-all]
0
0
BZ#1791417 CVE-2019-16786 python-waitress: waitress: HTTP request smuggling through invalid Transfer-Encoding [epel-all]
0
0
BZ#1791421 CVE-2019-16785 python-waitress: waitress: HTTP request smuggling through LF vs CRLF handling [epel-all]
0
0

Automated Test Results