This is a security release:

 - In Waitress version 1.4.2 a new regular expression was added to validate the
   headers that Waitress receives to make sure that it matches RFC7230.
   Unfortunately the regular expression was written in a way that with invalid
   input it leads to catastrophic backtracking which allows for a Denial of
   Service and CPU usage going to 100%.

Signed-off-by: Pierre-Jean Texier <[email protected]>
---
 .../python/{python3-waitress_1.4.2.bb => python3-waitress_1.4.3.bb}   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-python/recipes-devtools/python/{python3-waitress_1.4.2.bb => 
python3-waitress_1.4.3.bb} (71%)

diff --git a/meta-python/recipes-devtools/python/python3-waitress_1.4.2.bb 
b/meta-python/recipes-devtools/python/python3-waitress_1.4.3.bb
similarity index 71%
rename from meta-python/recipes-devtools/python/python3-waitress_1.4.2.bb
rename to meta-python/recipes-devtools/python/python3-waitress_1.4.3.bb
index 257993f..8ac3e92 100644
--- a/meta-python/recipes-devtools/python/python3-waitress_1.4.2.bb
+++ b/meta-python/recipes-devtools/python/python3-waitress_1.4.3.bb
@@ -6,7 +6,7 @@ SECTION = "devel/python"
 LICENSE = "ZPL-2.1"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=78ccb3640dc841e1baecb3e27a6966b2"
 
-SRC_URI[md5sum] = "fdeed7ec32bbba011e90801208378c89"
-SRC_URI[sha256sum] = 
"67a60a376f0eb335ed88967c42b73983a58d66a2a72eb9009a42725f7453b142"
+SRC_URI[md5sum] = "4bffad7009d3824ae61ea6c0696e45f6"
+SRC_URI[sha256sum] = 
"045b3efc3d97c93362173ab1dfc159b52cfa22b46c3334ffc805dbdbf0e4309e"
 
 inherit setuptools3 pypi
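Review bot: The LIC_FILES_CHKSUM context line keeps the md5 recorded for 1.4.2 while both SRC_URI checksums are replaced, so please confirm that LICENSE.txt in the 1.4.3 tarball is unchanged and still matches it. Separately, the commit message calls this a security release but cites no CVE or upstream advisory reference; if one has been assigned, adding it to the message would make the fix easier to track across branches.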
-- 
2.7.4
