Overview

Request 1219318 superseded

- Update to 3.0.1 (bsc#1232554, CVE-2024-49769):
* Fix a bug that would lead to Waitress busy looping on select()
on a half-open socket due to a race condition that existed when
creating a new HTTPChannel. See
https://github.com/Pylons/waitress/pull/435,
https://github.com/Pylons/waitress/issues/418 and
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
* No longer strip the header values before passing them to the
WSGI environ. See https://github.com/Pylons/waitress/pull/434
and https://github.com/Pylons/waitress/issues/432
* Fix a race condition in Waitress when
`channel_request_lookahead` is enabled that could lead to HTTP
request smuggling.
* See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

Request History
Daniel Garcia's avatar

dgarcia created request

- Update to 3.0.1 (bsc#1232554, CVE-2024-49769):
* Fix a bug that would lead to Waitress busy looping on select()
on a half-open socket due to a race condition that existed when
creating a new HTTPChannel. See
https://github.com/Pylons/waitress/pull/435,
https://github.com/Pylons/waitress/issues/418 and
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
* No longer strip the header values before passing them to the
WSGI environ. See https://github.com/Pylons/waitress/pull/434
and https://github.com/Pylons/waitress/issues/432
* Fix a race condition in Waitress when
`channel_request_lookahead` is enabled that could lead to HTTP
request smuggling.
* See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj


Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources


Factory Auto's avatar

factory-auto accepted review

Check script succeeded


Saul Goodman's avatar

licensedigger accepted review

ok


Daniel Garcia's avatar

dgarcia superseded request

superseded by 1219322

openSUSE Build Service is sponsored by