From d5e817803c3ba17fc889305d58b79d469920477aaf263ad9f3d98709a5278824 Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Fri, 9 Jan 2026 04:18:59 +0000 Subject: [PATCH] + Check for ASCII in header values (bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-aiohttp?expand=0&rev=167 --- python-aiohttp.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/python-aiohttp.changes b/python-aiohttp.changes index f0109cd..65ad276 100644 --- a/python-aiohttp.changes +++ b/python-aiohttp.changes @@ -6,6 +6,8 @@ Fri Jan 9 01:40:14 UTC 2026 - Steve Kowalik + Brotli and brotlicffi minimum version is now 1.2. Decompression now has a default maximum output size of 32MiB per decompress call (bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg) + + Check for ASCII in header values + (bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2) + Forbid non-ASCII decimals in the Range header (bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8) + Reject static URLs that traverse outside static root
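Review bot: the added entry "+ Check for ASCII in header values" goes into the existing "Fri Jan 9 01:40:14 UTC 2026" changelog block, and this commit touches only python-aiohttp.changes (1 file changed, 2 insertions), so nothing visible here shows that the packaged source carries the fix for CVE-2025-69224. Please confirm that the version or patch already recorded in that block includes the header-value check. The entry would also be clearer if it said what happens to a non-ASCII header value (for example, whether it is rejected), in the way the neighbouring "Forbid non-ASCII decimals in the Range header" line states its outcome.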