2022-07-18
ALT-BU-2022-5532-1
Branch sisyphus_riscv64 update bulletin.
Package python3-module-bottle updated to version 0.12.21-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Published: 2022-06-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-31799
Bottle before 0.12.20 mishandles errors during early request binding.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://github.com/bottlepy/bottle/commit/a2b0ee6bb4ce88895429ec4aca856616244c4c4c
- https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
- https://github.com/bottlepy/bottle/compare/0.12.19...0.12.20
- https://lists.debian.org/debian-lts-announce/2022/06/msg00010.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE7U6J45PUEXIYYVWJKPM6QXIRKDK4HD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTLOQGMDZEPIYTFC2G53OQV2ULCGYS3F/
- https://www.debian.org/security/2022/dsa-5159
- https://github.com/bottlepy/bottle/commit/a2b0ee6bb4ce88895429ec4aca856616244c4c4c
- https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00
- https://github.com/bottlepy/bottle/compare/0.12.19...0.12.20
- https://lists.debian.org/debian-lts-announce/2022/06/msg00010.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IE7U6J45PUEXIYYVWJKPM6QXIRKDK4HD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KTLOQGMDZEPIYTFC2G53OQV2ULCGYS3F/
- https://www.debian.org/security/2022/dsa-5159
Package python3-module-httpx updated to version 0.23.0-alt2 for branch sisyphus_riscv64.
Closed vulnerabilities
Published: 2022-11-30
BDU:2022-07059
Уязвимость библиотеки Encode OSS HTTPX, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: CRITICAL (9.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL (9.4)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
References:
Published: 2022-04-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-41945
Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.
Severity: MEDIUM (6.4)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Severity: CRITICAL (9.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References:
- http://encode.com
- https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
- https://github.com/encode/httpx
- https://github.com/encode/httpx/discussions/1831
- https://github.com/encode/httpx/issues/2184
- https://github.com/encode/httpx/releases/tag/0.23.0
- http://encode.com
- https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571
- https://github.com/encode/httpx
- https://github.com/encode/httpx/discussions/1831
- https://github.com/encode/httpx/issues/2184
- https://github.com/encode/httpx/releases/tag/0.23.0
Package installer-alterator-pkg updated to version 3.0.1-alt1 for branch sisyphus_riscv64.
Closed bugs
Groups multiple lists