[SECURITY] Fedora 31 Update: python-waitress-1.4.3-1.fc31

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-65a7744e38 2020-02-26 17:58:38.930059 -------------------------------------------------------------------------------- Name : python-waitress Product : Fedora 31 Version : 1.4.3 Release : 1.fc31 URL : https://github.com/Pylons/waitress Summary : Waitress WSGI server Description : Waitress is meant to be a production-quality pure-Python WSGI server with very acceptable performance. It has no dependencies except ones which live in the Python standard library. It runs on CPython on Unix and Windows under Python 2.6+ and Python 3.3+. It is also known to run on PyPy 1.6.0+ on UNIX. It supports HTTP/1.0 and HTTP/1.1. -------------------------------------------------------------------------------- Update Information: Update to 1.4.3, fixing CVE-2019-16786 CVE-2019-16785 CVE-2019-16789 and adding various other hardening features. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 7 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com&gt; - 1.4.3-1 - Update to 1.4.3 Fixes bug #1785591 * Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 1.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Mon Jan 20 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com&gt; - 1.4.2-1 - Update to 1.4.2 Fixes bugs #1785591 #1789807 #1789809 #1789810 #1791415 * Thu Jan 16 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com&gt; - 1.4.1-1 - Update to 1.4.1 Fixes bug #1785591 * Wed Dec 25 2019 Lorenzo Gil Sanchez <lorenzo.gil.sanchez(a)gmail.com&gt; - 1.4.0-1 - Update to 1.4.0 Fixes bug #1785591 * Sun Oct 6 2019 Kevin Fenzi <kevin(a)scrye.com&gt; - 1.3.1-1 - Update to 1.3.1. Fixes bug #1747075 * Mon Sep 9 2019 Miro Hron��ok <mhroncok(a)redhat.com&gt; - 1.2.1-5 - Subpackage python2-waitress has been removed See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal * Sat Aug 17 2019 Miro Hron��ok <mhroncok(a)redhat.com&gt; - 1.2.1-4 - Rebuilt for Python 3.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1791422 - CVE-2019-16785 python-waitress: waitress: HTTP request smuggling through LF vs CRLF handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1791422 [ 2 ] Bug #1791416 - CVE-2019-16786 python-waitress: waitress: HTTP request smuggling through invalid Transfer-Encoding [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1791416 [ 3 ] Bug #1789809 - CVE-2019-16789 python-waitress: waitress: HTTP Request Smuggling through Invalid whitespace characters in headers [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1789809 [ 4 ] Bug #1785591 - python-waitress-1.4.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1785591 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-65a7744e38' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------