From 10ba334e715d226b01c9b8026e1f3de4e18fc581ed7bc8d1a6ad2501dcbbceb1 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Tue, 14 May 2024 10:02:10 +0000
Subject: [PATCH] Accepting request 1173924 from
 home:glaubitz:branches:devel:languages:python

- Add missing Bugzilla and CVE references

OBS-URL: https://build.opensuse.org/request/show/1173924
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-aiohttp?expand=0&rev=125
---
 python-aiohttp.changes | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/python-aiohttp.changes b/python-aiohttp.changes
index 4187c17..3b78867 100644
--- a/python-aiohttp.changes
+++ b/python-aiohttp.changes
@@ -8,6 +8,7 @@ Sat Apr 20 13:59:35 UTC 2024 - Dirk Müller <dmueller@suse.com>
     Disposition to the form-data part after appending to writer
   * Added default Content-Disposition in multipart/form-data
     responses to avoid broken form-data responses
+- from version 3.9.4
   * The asynchronous internals now set the underlying causes when
     assigning exceptions to the future objects
   * Treated values of Accept-Encoding header as case-insensitive
@@ -30,7 +31,7 @@ Sat Apr 20 13:59:35 UTC 2024 - Dirk Müller <dmueller@suse.com>
   * Fixed multipart/form-data compliance with RFC 7578
   * Fixed blocking I/O in the event loop while processing files
     in a POST request
-  * Escaped filenames in static view
+  * Escaped filenames in static view (bsc#1223098, CVE-2024-27306)
   * Fixed the pure python parser to mark a connection as closing
     when a response has no length
   * Upgraded llhttp to 9.2.1, and started rejecting obsolete line