python/python-h11
SHA256
15
0
Fork 0
forked from pool/python-h11
Code Pull Requests Activity

- Update 0.16.0:

Browse Source 
* Security fix (CVE-2025-43859, bsc#1241872)
    Reject certain malformed Transfer-Encoding: chunked bodies that
    were previously accepted. These could have enabled
    request-smuggling attacks when an h11-based HTTP server was placed
    behind a load balancer with a matching bug in its chunked
    handling.
    Advisory with more details:
    https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
- 0.15.0:
  * Reject Content-Lengths >= 1 zettabyte (1 billion terabytes) early,
    without attempting to parse the integer (#181)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-h11?expand=0&rev=25
This commit is contained in:
Daniel Garcia
2025-04-25 07:30:03 +00:00
committed by Git OBS Bridge
parent fa2f3c3a4e
commit 38759c5ca5
4 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
python-h11.changes
View File

@@ -1,3 +1,20 @@
-------------------------------------------------------------------
Fri Apr 25 07:26:57 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
- Update 0.16.0:
* Security fix (CVE-2025-43859, bsc#1241872)
Reject certain malformed Transfer-Encoding: chunked bodies that
were previously accepted. These could have enabled
request-smuggling attacks when an h11-based HTTP server was placed
behind a load balancer with a matching bug in its chunked
handling.
Advisory with more details:
https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
- 0.15.0:
* Reject Content-Lengths >= 1 zettabyte (1 billion terabytes) early,
without attempting to parse the integer (#181)
-------------------------------------------------------------------
Mon Jan 29 21:36:32 UTC 2024 - Dirk Müller <dmueller@suse.com>