UbuntuUpdates.org

Package "python3-werkzeug"

Name: python3-werkzeug

Description:

collection of utilities for WSGI applications (Python 3.x)
Latest version: 3.0.1-3ubuntu0.2
Release: noble (24.04)
Level: security
Repository: main
Head package: python-werkzeug
Homepage: https://github.com/pallets/werkzeug/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python3-werkzeug"

All arch deb package
APT INSTALL

Other versions of "python3-werkzeug" in Noble

Repository Area Version
base main 3.0.1-3
updates main 3.0.1-3ubuntu0.2
PPA: Postgresql 0.16.0+dfsg1-1
PPA: Postgresql 0.16.0+dfsg1-1

Changelog

Version: 3.0.1-3ubuntu0.2 2024-11-05 23:07:03 UTC

  python-werkzeug (3.0.1-3ubuntu0.2) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via memory consumption
    - debian/patches/CVE-2024-49767.patch: apply max_form_memory_size
      another level up in the parser in src/werkzeug/formparser.py,
      src/werkzeug/sansio/multipart.py, tests/test_formparser.py.
    - CVE-2024-49767

 -- Marc Deslauriers <email address hidden> Wed, 30 Oct 2024 14:24:57 +0100
Source diff to previous version
CVE-2024-49767 Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a versi

Version: 3.0.1-3ubuntu0.1 2024-05-29 18:08:27 UTC

  python-werkzeug (3.0.1-3ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2024-34069.patch: restrict debugger trusted hosts
    - CVE-2024-34069

 -- Fabian Toepfer <email address hidden> Tue, 21 May 2024 21:53:16 +0200
CVE-2024-34069 Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a de


About   -   Send Feedback to @ubuntu_updates