Fedora alert FEDORA-2024-f1615b58e6 (python-starlette)

From:
             
 
updates--- via package-announce <package-announce@lists.fedoraproject.org>
To:
             
 
package-announce@lists.fedoraproject.org
Subject:
             
 
[SECURITY] Fedora 40 Update: python-starlette-0.40.0-1.fc40
Date:
             
 
Thu, 24 Oct 2024 01:28:49 +0000
Message-ID:
             
 
<20241024012849.765A02046AFA@bastion01.iad2.fedoraproject.org>
Archive-link:
             
 
Article
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f1615b58e6
2024-10-24 01:27:39.153333
--------------------------------------------------------------------------------

Name        : python-starlette
Product     : Fedora 40
Version     : 0.40.0
Release     : 1.fc40
URL         : https://www.starlette.io/
Summary     : The little ASGI library that shines
Description :
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building
async web services in Python.

It is production-ready, and gives you the following:

  • A lightweight, low-complexity HTTP web framework.
  • WebSocket support.
  • In-process background tasks.
  • Startup and shutdown events.
  • Test client built on requests.
  • CORS, GZip, Static Files, Streaming responses.
  • Session and Cookie support.
  • 100% test coverage.
  • 100% type annotated codebase.
  • Few hard dependencies.
  • Compatible with asyncio and trio backends.
  • Great overall performance against independent benchmarks.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-47874.
Starlette 0.40.0 (October 15, 2024)
This release fixes a Denial of service (DoS) via multipart/form-data requests.
You can view the full security advisory:
GHSA-f96h-pmfr-66vw
Fixed
Add max_part_size to MultiPartParser to limit the size of parts in
multipart/form-data
  requests fd038f3.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 0.40.0-1
- Update to 0.40.0 (close RHBZ#2318804)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2318804 - CVE-2024-47874 python-starlette: Starlette Denial of service (DoS) via
multipart/form-data [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2318804
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f1615b58e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------



Attachment: None (type=text/plain)
-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue