|
|
Log in / Subscribe / Register

Debian alert DSA-6241-1 (python-aiohttp)



From:
              Moritz Muehlenhoff <jmm@debian.org>


To:
              debian-security-announce@lists.debian.org


Subject:
              [SECURITY] [DSA 6141-1] python-aiohttp security update


Date:
              Fri, 01 May 2026 15:33:25 +0000


Message-ID:
              <afTHxYLxlYGV7-86@seger.debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6241-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 01, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-aiohttp
CVE ID         : CVE-2025-69223 CVE-2025-69224 CVE-2025-69225
                 CVE-2025-69226 CVE-2025-69227 CVE-2025-69228
		 CVE-2025-69229

Multiple security vulnerabilities were discovered in Python aiohttp, an
asynchronous HTTP client/server for asyncio, which could result in
denial of service, HTTP request smuggling or information disclosure.

For the stable distribution (trixie), these problems have been fixed in
version 3.11.16-1+deb13u1.

We recommend that you upgrade your python-aiohttp packages.

For the detailed security status of python-aiohttp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-aiohttp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn0xHYACgkQEMKTtsN8
TjYc0w/+NAYKHwob8Dp5MXRkGHmbGdJF5j4Bhb5PH++Fk4qAAGkxNlmqCL1NRnKB
W2QfsQtXAP6UDoTqqBcAeIVpYUnMb56eIRQsWYhAtHsEeZCd+hm4aFiK6ThIwzLV
2yqu6mtojGjEZph6u68ciDT6zUXQB/dKdhe9eurzje/5eJftW5ZqWwb7iDyZUHJg
WATtCdNx/UYpxq2djdcGdm3K+DGUFi6jxt6V6K1TissahnfzYCyP/fSpEZ9OOKPj
U7AiT6pBUv3tEzfOriMgZdDYDI8sonmTMQVg6cT7m9CRGUtapsjEMrLUu1M3L37y
0tjfy3zmHDa5/M7lOhKb2rN3scab9mG7GoxOvjfQlVSDxFORz9Xa3NmTP679Ya5/
A0uBSDDE9TYqV1DtBykzbIOondyrnbepNEfNH0KKlrpsTLoxfuitmUHxpwQIpDSJ
p9PT31EifurF1UVNhga7/pDsnysNnqDty5xLrSzuJrKqA4+3Bcdk/RI7PjuA8FWJ
4C+6ULkkowP9HnQRU7nTjJ/770UPgDplPmWB5OrpZGQogjimHygKd2M+gbWXlYQI
vjups4PFIIiZo6Cw8sSzNAkMYvmoilqA4j2cATMssUbv55zIU3QjOY7g1uihqkQS
WoF08ZQP30JTxpc+lW6gS9ITzF7fHvni6nmvZq2ATOv9ppG3rHk=
=bXVa
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds