UbuntuUpdates.org

Package "python-werkzeug"

Name: python-werkzeug

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • collection of utilities for WSGI applications

Latest version: 0.10.4+dfsg1-1ubuntu1.2
Release: xenial (16.04)
Level: security
Repository: universe

Links



Other versions of "python-werkzeug" in Xenial

Repository Area Version
base universe 0.10.4+dfsg1-1ubuntu1
base main 0.10.4+dfsg1-1ubuntu1
security main 0.10.4+dfsg1-1ubuntu1.2
updates main 0.10.4+dfsg1-1ubuntu1.2
updates universe 0.10.4+dfsg1-1ubuntu1.2
PPA: Postgresql 0.16.0+dfsg1-1
PPA: Postgresql 0.16.0+dfsg1-1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.10.4+dfsg1-1ubuntu1.2 2020-12-01 17:07:34 UTC

  python-werkzeug (0.10.4+dfsg1-1ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Open redirect vulnerability
    - debian/patches/CVE-2020-28724.patch: serving absolute request URLs,
      adding tests werkzeug/serving.py, tests/test_serving.py.
    - CVE-2020-28724

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 30 Nov 2020 10:37:20 -0300

Source diff to previous version
CVE-2020-28724 Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.

Version: 0.10.4+dfsg1-1ubuntu1.1 2017-10-25 20:06:40 UTC

  python-werkzeug (0.10.4+dfsg1-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Cross-site vulnerability in render_full function allows
    attackers to inject arbitrary script or HTML.
    - debian/patches/CVE-2016-10516.patch: in werkzeub/debug/tbtools.py.
    - CVE-2016-10516

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Oct 2017 17:16:25 -0300

CVE-2016-10516 Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used



About   -   Send Feedback to @ubuntu_updates