SUSE_ALP_Standard/patchinfo.20241220134146182953.90520734224245/_patchinfo

<patchinfo>
  <!-- generated from request(s) 355975 -->
  <issue tracker="bnc" id="1223098">VUL-0: CVE-2024-27306: python-aiohttp: XSS on index pages for static file handling</issue>
  <issue tracker="bnc" id="1223726">VUL-0: CVE-2024-30251: python-aiohttp: infinite loop on specially crafted POST request</issue>
  <issue tracker="bnc" id="1233447">VUL-0: CVE-2024-52304: python-aiohttp: vulnerable to request smuggling due to incorrect parsing of chunk extensions</issue>
  <issue tracker="cve" id="2024-27306"/>
  <issue tracker="cve" id="2024-30251"/>
  <issue tracker="cve" id="2024-52304"/>
  <issue tracker="gh" id="aio-libs/aiohttp#8319"/>
  <packager>dgarcia</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python-aiohttp</summary>
  <description>This update for python-aiohttp fixes the following issues:

- CVE-2024-27306: Fixed XSS on index pages for static file handling (bsc#1223098)
- CVE-2024-30251: Fixed infinite loop on specially crafted POST request (bsc#1223726)
- CVE-2024-52304: Fixed vulnerable to request smuggling due to incorrect parsing of chunk extensions (bsc#1233447)
</description>
  <package>python-aiohttp</package>
  <seperate_build_arch/>
</patchinfo>
Adding patchinfo patchinfo.20241220134146182953.90520734224245 2024-12-23 20:49:06 +01:00			`<patchinfo>`
			`<!-- generated from request(s) 355975 -->`
			`<issue tracker="bnc" id="1223098">VUL-0: CVE-2024-27306: python-aiohttp: XSS on index pages for static file handling</issue>`
			`<issue tracker="bnc" id="1223726">VUL-0: CVE-2024-30251: python-aiohttp: infinite loop on specially crafted POST request</issue>`
			`<issue tracker="bnc" id="1233447">VUL-0: CVE-2024-52304: python-aiohttp: vulnerable to request smuggling due to incorrect parsing of chunk extensions</issue>`
			`<issue tracker="cve" id="2024-27306"/>`
			`<issue tracker="cve" id="2024-30251"/>`
			`<issue tracker="cve" id="2024-52304"/>`
			`<issue tracker="gh" id="aio-libs/aiohttp#8319"/>`
			`<packager>dgarcia</packager>`
			`<rating>moderate</rating>`
			`<category>security</category>`
			`<summary>Security update for python-aiohttp</summary>`
			`<description>This update for python-aiohttp fixes the following issues:`

			`- CVE-2024-27306: Fixed XSS on index pages for static file handling (bsc#1223098)`
			`- CVE-2024-30251: Fixed infinite loop on specially crafted POST request (bsc#1223726)`
			`- CVE-2024-52304: Fixed vulnerable to request smuggling due to incorrect parsing of chunk extensions (bsc#1233447)`
			`</description>`
			`<package>python-aiohttp</package>`
			`<seperate_build_arch/>`
			`</patchinfo>`