Codebase list python-werkzeug / debian/latest
Fix d/changelog and patch headers. Thomas Goirand 1 year, 5 days ago
3 changed file(s) with 16 addition(s) and 29 deletion(s). Raw diff Collapse all Expand all
+4
-3
debian/changelog less more
0 python-werkzeug (2.2.2-3) UNRELEASED; urgency=medium
1
0 python-werkzeug (2.2.2-3) unstable; urgency=medium
1
2 [ Robin Gustafsson ]
23 * Fix security vulnerabilities
34 (CVE-2023-23934, CVE-2023-25577, Closes: #1031370)
45
5 -- Robin Gustafsson <robin@rgson.se> Thu, 20 Apr 2023 21:17:00 +0200
6 -- Thomas Goirand <zigo@debian.org> Fri, 21 Apr 2023 13:37:22 +0200
67
78 python-werkzeug (2.2.2-2) unstable; urgency=medium
89
+6
-12
debian/patches/0003-don-t-strip-leading-when-parsing-cookie.patch less more
0 From: David Lord <davidism@gmail.com>
0 Description: CVE-2023-23934: don't strip leading = when parsing cookie
1 Applied-Upstream: 2.2.3
2 Author: David Lord <davidism@gmail.com>
13 Date: Tue, 31 Jan 2023 14:29:34 -0800
2 Subject: don't strip leading = when parsing cookie
3
4 Fixes CVE-2023-23934
5
6 Origin: https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
7 Applied-Upstream: 2.2.3
8 ---
9 src/werkzeug/_internal.py | 13 +++++++++----
10 src/werkzeug/sansio/http.py | 4 ----
11 tests/test_http.py | 4 +++-
12 3 files changed, 12 insertions(+), 9 deletions(-)
4 Origin: upstream, https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
5 Bug-Debian: https://bugs.debian.org/1031370
6 Last-Update: 2023-04-21
137
148 diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
159 index 4636647..f95207a 100644
+6
-14
debian/patches/0004-limit-the-maximum-number-of-multipart-form-parts.patch less more
0 From: David Lord <davidism@gmail.com>
0 Description: CVE-2023-25577: limit the maximum number of multipart form parts
1 Applied-Upstream: 2.2.3
2 Author: David Lord <davidism@gmail.com>
13 Date: Tue, 14 Feb 2023 09:08:57 -0800
2 Subject: limit the maximum number of multipart form parts
3
4 Fixes CVE-2023-25577
5
6 Origin: https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
7 Applied-Upstream: 2.2.3
8 ---
9 docs/request_data.rst | 37 ++++++++++++++++++++-----------------
10 src/werkzeug/formparser.py | 12 +++++++++++-
11 src/werkzeug/sansio/multipart.py | 8 ++++++++
12 src/werkzeug/wrappers/request.py | 8 ++++++++
13 tests/test_formparser.py | 9 +++++++++
14 5 files changed, 56 insertions(+), 18 deletions(-)
4 Origin: upstream, https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
5 Bug-Debian: https://bugs.debian.org/1031370
6 Last-Update: 2023-04-21
157
168 diff --git a/docs/request_data.rst b/docs/request_data.rst
179 index 83c6278..e55841e 100644