--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-65a7744e38
2020-02-26 17:58:38.930059
--------------------------------------------------------------------------------
Name : python-waitress
Product : Fedora 31
Version : 1.4.3
Release : 1.fc31
URL :
https://github.com/Pylons/waitress
Summary : Waitress WSGI server
Description :
Waitress is meant to be a production-quality pure-Python WSGI server with
very acceptable performance. It has no dependencies except ones which live
in the Python standard library. It runs on CPython on Unix and Windows under
Python 2.6+ and Python 3.3+. It is also known to run on PyPy 1.6.0+ on UNIX.
It supports HTTP/1.0 and HTTP/1.1.
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.3, fixing CVE-2019-16786 CVE-2019-16785 CVE-2019-16789 and adding
various other hardening features.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 7 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com> - 1.4.3-1
- Update to 1.4.3 Fixes bug #1785591
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 20 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com> - 1.4.2-1
- Update to 1.4.2 Fixes bugs #1785591 #1789807 #1789809 #1789810 #1791415
* Thu Jan 16 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com> - 1.4.1-1
- Update to 1.4.1 Fixes bug #1785591
* Wed Dec 25 2019 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com> - 1.4.0-1
- Update to 1.4.0 Fixes bug #1785591
* Sun Oct 6 2019 Kevin Fenzi <kevin(a)scrye.com> - 1.3.1-1
- Update to 1.3.1. Fixes bug #1747075
* Mon Sep 9 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.2.1-5
- Subpackage python2-waitress has been removed
See
https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
* Sat Aug 17 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.2.1-4
- Rebuilt for Python 3.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1791422 - CVE-2019-16785 python-waitress: waitress: HTTP request smuggling
through LF vs CRLF handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1791422
[ 2 ] Bug #1791416 - CVE-2019-16786 python-waitress: waitress: HTTP request smuggling
through invalid Transfer-Encoding [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1791416
[ 3 ] Bug #1789809 - CVE-2019-16789 python-waitress: waitress: HTTP Request Smuggling
through Invalid whitespace characters in headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1789809
[ 4 ] Bug #1785591 - python-waitress-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1785591
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-65a7744e38' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------