Accepted waitress 0.8.9-2+deb8u1 (source all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 28 Dec 2019 17:33:13 +0000
Source: waitress
Binary: python-waitress python3-waitress python-waitress-doc
Architecture: source all
Version: 0.8.9-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Andrew Shadura <andrewsh@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
python-waitress - production-quality pure-Python WSGI server
python-waitress-doc - production-quality pure-Python WSGI server (documentation)
python3-waitress - production-quality pure-Python WSGI server (Python 3)
Closes: 947433
Changes:
waitress (0.8.9-2+deb8u1) jessie-security; urgency=high
.
* CVE-2019-16789: Prevent a potential HTTP request smuggling vulnerability.
If a proxy server is used in front of waitress, an invalid request may be
sent by an attacker that bypasses the front-end and is parsed differently
by waitress leading to a potential for request smuggling. Specially crafted
requests containing special whitespace characters in the Transfer-Encoding
header would get parsed by Waitress as being a chunked request, but a
front-end server would use the Content-Length instead as the
Transfer-Encoding header is considered invalid due to containing invalid
characters. If a front-end server does HTTP pipelining to a backend
Waitress server this could lead to HTTP request splitting which may lead to
potential cache poisoning or information disclosure. (Closes: #947433)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
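
The parsing disagreement described in the changelog entry, as an added example that is not part of the original announcement and is not Waitress's own code. It assumes the lenient side trims the header value with a general whitespace strip such as Python's `str.strip()` (an assumption; the announcement does not say how the value was parsed) and contrasts that with a strict RFC 7230 check that rejects ambiguous framing; all function names and the sample header values are constructed for illustration.

```python
import re

# RFC 7230: a transfer-coding name is a token; only SP and HTAB are
# optional whitespace around list elements.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
OWS = " \t"


def lenient_is_chunked(value):
    """Assumed lenient behaviour: str.strip() also drops \\x0b, \\x0c and
    other characters that are not HTTP whitespace."""
    return value.strip().lower() == "chunked"


def strict_codings(value):
    """Return the list of transfer codings, or None if the value is invalid."""
    codings = []
    for part in value.split(","):
        part = part.strip(OWS)
        if not TOKEN.fullmatch(part):
            return None
        codings.append(part.lower())
    return codings


def classify(headers):
    """Pick the body framing for lower-cased header names, refusing
    anything two HTTP parsers could read differently."""
    te = headers.get("transfer-encoding")
    cl = headers.get("content-length")
    if te is not None:
        codings = strict_codings(te)
        if codings is None:
            return "reject: invalid Transfer-Encoding"
        if cl is not None:
            return "reject: Transfer-Encoding with Content-Length"
        if codings[-1] != "chunked":
            return "reject: final coding is not chunked"
        return "chunked"
    if cl is not None:
        if not re.fullmatch(r"[0-9]+", cl):
            return "reject: invalid Content-Length"
        return "content-length"
    return "no-body"


# Constructed sample: a vertical tab before the coding name.
SAMPLE = {"transfer-encoding": "\x0bchunked", "content-length": "5"}

if __name__ == "__main__":
    print(lenient_is_chunked(SAMPLE["transfer-encoding"]))
    print(classify(SAMPLE))
```

Rejecting the request outright, rather than choosing one of the two framings, is what removes the disagreement between the front-end and the backend.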