UbuntuUpdates.org

Package "python-werkzeug-doc"

Name: python-werkzeug-doc

Description:

documentation for the werkzeug Python library (docs)

Latest version: 0.14.1+dfsg1-1ubuntu0.2
Release: bionic (18.04)
Level: updates
Repository: main
Head package: python-werkzeug
Homepage: http://werkzeug.pocoo.org/

Links


Download "python-werkzeug-doc"


Other versions of "python-werkzeug-doc" in Bionic

Repository Area Version
base main 0.14.1+dfsg1-1
security main 0.14.1+dfsg1-1ubuntu0.2

Changelog

Version: 0.14.1+dfsg1-1ubuntu0.2 2023-03-14 05:06:53 UTC

  python-werkzeug (0.14.1+dfsg1-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Shadow cookie with nameless cookie
    - debian/patches/CVE-2023-23934.patch: don't strip leading = when
      parsing cookie.
    - CVE-2023-23934
  * SECURITY UPDATE: DoS when processing unlimited multipart form data parts
    - debian/patches/CVE-2023-25577.patch: limit the maximum number of
      multipart form parts.
    - CVE-2023-25577

 -- Fabian Toepfer <email address hidden> Fri, 10 Mar 2023 14:56:53 +0100

Source diff to previous version
CVE-2023-23934 Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vul
CVE-2023-25577 Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited numbe

Version: 0.14.1+dfsg1-1ubuntu0.1 2020-12-01 17:07:37 UTC

  python-werkzeug (0.14.1+dfsg1-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Insufficient randomness in PIN
    - debian/patches/CVE-2019-14806.patch: make an unique debugger pin
      in Docker containers werkzeub/debub/__init__.py.
    - CVE-2019-14806

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 30 Nov 2020 10:24:10 -0300

CVE-2019-14806 Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.



About   -   Send Feedback to @ubuntu_updates