Add CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch

Reject control characters in http cookies (bsc#1257031, CVE-2026-0672).
2026-01-29 14:05:31 +01:00
parent 79a850acd8
commit 350c926ec4
3 changed files with 197 additions and 0 deletions
--- a/python313.spec
+++ b/python313.spec
@@ -245,6 +245,9 @@ Patch49:        CVE-2024-6923-follow-up-EOL-email-headers.patch
 # PATCH-FIX-UPSTREAM CVE-2025-11468-email-hdr-fold-comment.patch bsc#1257029 mcepl@suse.com
 # Email preserve parens when folding comments
 Patch50:        CVE-2025-11468-email-hdr-fold-comment.patch
+# PATCH-FIX-UPSTREAM CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch bsc#1257031 mcepl@suse.com
+# Reject control characters in http cookies
+Patch51:        CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
 #### END OF PATCHES
 BuildRequires:  autoconf-archive
 BuildRequires:  automake