[Git][security-tracker-team/security-tracker][master] Reserve DLA-4613-1 for python-aiohttp

Sun, 31 May 2026 21:43:20 -0700 


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d407f8b5 by Daniel Leidert at 2026-06-01T06:42:51+02:00
Reserve DLA-4613-1 for python-aiohttp

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -138357,7 +138357,6 @@ CVE-2025-53643 (AIOHTTP is an asynchronous HTTP 
client/server framework for asyn
        - python-aiohttp 3.12.15-1 (bug #1109336)
        [trixie] - python-aiohttp <no-dsa> (Minor issue)
        [bookworm] - python-aiohttp <no-dsa> (Minor issue)
-       [bullseye] - python-aiohttp <postponed> (Minor issue; request smuggling)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
 (v3.12.14)
 CVE-2025-7628 (A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up 
to 5fb ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Jun 2026] DLA-4613-1 python-aiohttp - security update
+       {CVE-2025-53643 CVE-2025-69224 CVE-2025-69225 CVE-2025-69226 
CVE-2025-69227 CVE-2025-69228 CVE-2025-69229 CVE-2026-22815 CVE-2026-34513 
CVE-2026-34514 CVE-2026-34516 CVE-2026-34517 CVE-2026-34518 CVE-2026-34519 
CVE-2026-34520 CVE-2026-34525}
+       [bullseye] - python-aiohttp 3.7.4-1+deb11u2
 [31 May 2026] DLA-4612-1 sentry-python - security update
        {CVE-2024-40647}
        [bullseye] - sentry-python 0.13.2-1+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -484,10 +484,6 @@ pypdf2 (dleidert)
   NOTE: 20260328: Added by Front-Desk (Beuc)
   NOTE: 20260328: 6 new CVEs, and lots of postponed issues piled-up 
(Beuc/front-desk)
 --
-python-aiohttp (dleidert)
-  NOTE: 20260106: Added by Front-Desk (lamby)
-  NOTE: 20260301: WIP: making progress backporting the patches (dleidert)
---
 qemu
   NOTE: 20260520: Added by Front-Desk (Beuc)
   NOTE: 20260520: Many postponed CVEs piled up (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d407f8b51a69cbdfe76f9c643df589c3696f3e46

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d407f8b51a69cbdfe76f9c643df589c3696f3e46
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to