UbuntuUpdates.org

Package "python3-werkzeug"

Name: python3-werkzeug

Description:

collection of utilities for WSGI applications (Python 3.x)

Latest version: 0.16.1+dfsg1-2ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: main
Head package: python-werkzeug
Homepage: http://werkzeug.pocoo.org/

Links


Download "python3-werkzeug"


Other versions of "python3-werkzeug" in Focal

Repository Area Version
base main 0.16.1+dfsg1-2
security main 0.16.1+dfsg1-2ubuntu0.2
PPA: Postgresql 0.16.0+dfsg1-1
PPA: Postgresql 0.16.0+dfsg1-1

Changelog

Version: 0.16.1+dfsg1-2ubuntu0.2 2024-05-29 18:08:06 UTC

  python-werkzeug (0.16.1+dfsg1-2ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2024-34069.patch: restrict debugger trusted hosts
    - CVE-2024-34069

 -- Fabian Toepfer <email address hidden> Tue, 28 May 2024 16:21:16 +0200

Source diff to previous version
CVE-2024-34069 Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a de

Version: 0.16.1+dfsg1-2ubuntu0.1 2023-03-14 05:06:58 UTC

  python-werkzeug (0.16.1+dfsg1-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Shadow cookie with nameless cookie
    - debian/patches/CVE-2023-23934.patch: don't strip leading = when
      parsing cookie.
    - CVE-2023-23934
  * SECURITY UPDATE: DoS when processing unlimited multipart form data parts
    - debian/patches/CVE-2023-25577.patch: limit the maximum number of
      multipart form parts.
    - CVE-2023-25577

 -- Fabian Toepfer <email address hidden> Fri, 10 Mar 2023 13:46:44 +0100

CVE-2023-23934 Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vul
CVE-2023-25577 Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited numbe



About   -   Send Feedback to @ubuntu_updates