SUSE-SU-2020:3292-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3292-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2020:3292-1
- Related
- Published
- 2020-11-11T11:27:32Z
- Modified
- 2020-11-11T11:27:32Z
- Summary
- Security update for python-waitress
- Details
-
This update for python-waitress to version 1.4.3 fixes the following security issues:
- CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088).
- CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089).
- CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790).
- CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670).
- References
-
- https://www.suse.com/support/update/announcement/2020/suse-su-20203292-1/
- https://bugzilla.suse.com/1160790
- https://bugzilla.suse.com/1161088
- https://bugzilla.suse.com/1161089
- https://bugzilla.suse.com/1161670
- https://www.suse.com/security/cve/CVE-2019-16785
- https://www.suse.com/security/cve/CVE-2019-16786
- https://www.suse.com/security/cve/CVE-2019-16789
- https://www.suse.com/security/cve/CVE-2019-16792