[ubuntu/noble-updates] python-aiohttp 3.9.1-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Sep 4 18:28:11 UTC 2024
python-aiohttp (3.9.1-1ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: When 'follow_symlinks' is enabled, file paths
are not properly validated, allowing unauthorized access to
files on the system.
- debian/patches/CVE-2024-23334.patch: Validate static paths.
- CVE-2024-23334
Date: 2024-08-24 00:54:09.097251+00:00
Changed-By: Chris Kim <chris.kim at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/python-aiohttp/3.9.1-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list