Fix d/changelog and patch headers.
Thomas Goirand
1 year, 5 days ago
0 | |
python-werkzeug (2.2.2-3) UNRELEASED; urgency=medium
|
1 | |
|
|
0 |
python-werkzeug (2.2.2-3) unstable; urgency=medium
|
|
1 |
|
|
2 |
[ Robin Gustafsson ]
|
2 | 3 |
* Fix security vulnerabilities
|
3 | 4 |
(CVE-2023-23934, CVE-2023-25577, Closes: #1031370)
|
4 | 5 |
|
5 | |
-- Robin Gustafsson <robin@rgson.se> Thu, 20 Apr 2023 21:17:00 +0200
|
|
6 |
-- Thomas Goirand <zigo@debian.org> Fri, 21 Apr 2023 13:37:22 +0200
|
6 | 7 |
|
7 | 8 |
python-werkzeug (2.2.2-2) unstable; urgency=medium
|
8 | 9 |
|
0 | |
From: David Lord <davidism@gmail.com>
|
|
0 |
Description: CVE-2023-23934: don't strip leading = when parsing cookie
|
|
1 |
Applied-Upstream: 2.2.3
|
|
2 |
Author: David Lord <davidism@gmail.com>
|
1 | 3 |
Date: Tue, 31 Jan 2023 14:29:34 -0800
|
2 | |
Subject: don't strip leading = when parsing cookie
|
3 | |
|
4 | |
Fixes CVE-2023-23934
|
5 | |
|
6 | |
Origin: https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
|
7 | |
Applied-Upstream: 2.2.3
|
8 | |
---
|
9 | |
src/werkzeug/_internal.py | 13 +++++++++----
|
10 | |
src/werkzeug/sansio/http.py | 4 ----
|
11 | |
tests/test_http.py | 4 +++-
|
12 | |
3 files changed, 12 insertions(+), 9 deletions(-)
|
|
4 |
Origin: upstream, https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028
|
|
5 |
Bug-Debian: https://bugs.debian.org/1031370
|
|
6 |
Last-Update: 2023-04-21
|
13 | 7 |
|
14 | 8 |
diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
|
15 | 9 |
index 4636647..f95207a 100644
|
0 | |
From: David Lord <davidism@gmail.com>
|
|
0 |
Description: CVE-2023-25577: limit the maximum number of multipart form parts
|
|
1 |
Applied-Upstream: 2.2.3
|
|
2 |
Author: David Lord <davidism@gmail.com>
|
1 | 3 |
Date: Tue, 14 Feb 2023 09:08:57 -0800
|
2 | |
Subject: limit the maximum number of multipart form parts
|
3 | |
|
4 | |
Fixes CVE-2023-25577
|
5 | |
|
6 | |
Origin: https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
|
7 | |
Applied-Upstream: 2.2.3
|
8 | |
---
|
9 | |
docs/request_data.rst | 37 ++++++++++++++++++++-----------------
|
10 | |
src/werkzeug/formparser.py | 12 +++++++++++-
|
11 | |
src/werkzeug/sansio/multipart.py | 8 ++++++++
|
12 | |
src/werkzeug/wrappers/request.py | 8 ++++++++
|
13 | |
tests/test_formparser.py | 9 +++++++++
|
14 | |
5 files changed, 56 insertions(+), 18 deletions(-)
|
|
4 |
Origin: upstream, https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1
|
|
5 |
Bug-Debian: https://bugs.debian.org/1031370
|
|
6 |
Last-Update: 2023-04-21
|
15 | 7 |
|
16 | 8 |
diff --git a/docs/request_data.rst b/docs/request_data.rst
|
17 | 9 |
index 83c6278..e55841e 100644
|