--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-bdcc8ffc24
2020-02-25 14:38:36.014256
--------------------------------------------------------------------------------
Name : python-waitress
Product : Fedora 30
Version : 1.4.3
Release : 1.fc30
URL :
https://github.com/Pylons/waitress
Summary : Waitress WSGI server
Description :
Waitress is meant to be a production-quality pure-Python WSGI server with
very acceptable performance. It has no dependencies except ones which live
in the Python standard library. It runs on CPython on Unix and Windows under
Python 2.6+ and Python 3.3+. It is also known to run on PyPy 1.6.0+ on UNIX.
It supports HTTP/1.0 and HTTP/1.1.
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.3, fixing CVE-2019-16786 CVE-2019-16785 CVE-2019-16789 and adding
various other hardening features.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 7 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com> - 1.4.3-1
- Update to 1.4.3 Fixes bug #1785591
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 20 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com> - 1.4.2-1
- Update to 1.4.2 Fixes bugs #1785591 #1789807 #1789809 #1789810 #1791415
* Thu Jan 16 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com> - 1.4.1-1
- Update to 1.4.1 Fixes bug #1785591
* Wed Dec 25 2019 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com> - 1.4.0-1
- Update to 1.4.0 Fixes bug #1785591
* Sun Oct 6 2019 Kevin Fenzi <kevin(a)scrye.com> - 1.3.1-1
- Update to 1.3.1. Fixes bug #1747075
* Mon Sep 9 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.2.1-5
- Subpackage python2-waitress has been removed
See
https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
* Sat Aug 17 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.2.1-4
- Rebuilt for Python 3.8
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Jun 29 2019 Kevin Fenzi <kevin(a)scrye.com> - 1.2.1-2
- Remove non free docs from src.rpm and provide script to do so before upload.
- Fixes bug #1684335
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1791422 - CVE-2019-16785 python-waitress: waitress: HTTP request smuggling
through LF vs CRLF handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1791422
[ 2 ] Bug #1791416 - CVE-2019-16786 python-waitress: waitress: HTTP request smuggling
through invalid Transfer-Encoding [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1791416
[ 3 ] Bug #1789809 - CVE-2019-16789 python-waitress: waitress: HTTP Request Smuggling
through Invalid whitespace characters in headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1789809
[ 4 ] Bug #1785591 - python-waitress-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1785591
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-bdcc8ffc24' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------