Fedora alert FEDORA-2025-2fd25cfb83 (python-h11)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 41 Update: python-h11-0.14.0-7.fc41 | |
| Date: | Sun, 11 May 2025 02:31:38 +0000 | |
| Message-ID: | <20250511023138.7CFDB2031496@bastion01.iad2.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-2fd25cfb83 2025-05-11 02:30:35.179655+00:00 -------------------------------------------------------------------------------- Name : python-h11 Product : Fedora 41 Version : 0.14.0 Release : 7.fc41 URL : https://github.com/python-hyper/h11 Summary : A pure-Python, bring-your-own-I/O implementation of HTTP/1.1 Description : This is a little HTTP/1.1 library written from scratch in Python, heavily inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This means you can hook h11 up to your favorite network API, and that could be anything you want: synchronous, threaded, asynchronous, or your own implementation of RFC 6214 -- h11 will not judge you. This also means that h11 is not immediately useful out of the box: it is a toolkit for building programs that speak HTTP, not something that could directly replace requests or twisted.web or whatever. But h11 makes it much easier to implement something like requests or twisted.web. -------------------------------------------------------------------------------- Update Information: Backport upstream fix for CVE-2025-43859 -------------------------------------------------------------------------------- ChangeLog: * Fri May 2 2025 Robby Callicotte <rcallicotte@fedoraproject.org> - 0.14.0-7 - Backport upstream fix for CVE-2025-43859 * Sat Jan 18 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.14.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2362286 - CVE-2025-43859 python-h11: h11 accepts some malformed Chunked-Encoding bodies [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2362286 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-2fd25cfb83' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue