From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [git commit] package/python-aiohttp: security bump to version 3.7.4
Date: Sat, 27 Feb 2021 16:55:28 +0100
Message-ID: <20210227153339.5F951861BA@busybox.osuosl.org>
commit: https://git.buildroot.net/buildroot/commit/?id=0e60a9aa835a2141d4f8e382dc736862a29f6e7f
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes the following security issue:

CVE-2021-21330: Open redirect vulnerability in aiohttp
(normalize_path_middleware middleware)

Beast Glatisant and Jelmer Vernooij reported that python-aiohttp, an async
HTTP client/server framework, is prone to an open redirect vulnerability. A
maliciously crafted link to an aiohttp-based web-server could redirect the
browser to a different website.

For more details, see the advisory:
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
package/python-aiohttp/python-aiohttp.hash | 4 ++--
package/python-aiohttp/python-aiohttp.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/python-aiohttp/python-aiohttp.hash b/package/python-aiohttp/python-aiohttp.hash
index 36056d2f99..db7dfd6b15 100644
--- a/package/python-aiohttp/python-aiohttp.hash
+++ b/package/python-aiohttp/python-aiohttp.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/aiohttp/json
-md5 a66039c12f33dd093a2c260f5c459632 aiohttp-3.7.3.tar.gz
-sha256 9c1a81af067e72261c9cbe33ea792893e83bc6aa987bfbd6fdc1e5e7b22777c4 aiohttp-3.7.3.tar.gz
+md5 586eb4e4dcb1e41242ede0c5bcfd4014 aiohttp-3.7.4.tar.gz
+sha256 5d84ecc73141d0a0d61ece0742bb7ff5751b0657dab8405f899d3ceb104cc7de aiohttp-3.7.4.tar.gz
# Locally computed sha256 checksums
sha256 96627bed0ad08e9b2efa9f4e04e80837cd0550e7694a0fec33b1dab2550282ab LICENSE.txt
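Review bot: The two new aiohttp-3.7.4.tar.gz digests are, per the comment at the top of this hunk, copied from the PyPI JSON, which is the same origin that serves the tarball. They therefore catch a corrupted or swapped download from a mirror, but they are not an independent check on what was uploaded. It would help to say in the commit message that the sha256 was also recomputed on the fetched tarball. The md5 line adds no integrity beyond what the sha256 line already gives. The LICENSE.txt hash is carried over unchanged, which is right only if the file is byte-identical in 3.7.4, so that is worth confirming as well.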
diff --git a/package/python-aiohttp/python-aiohttp.mk b/package/python-aiohttp/python-aiohttp.mk
index e5a1354267..f1e755c023 100644
--- a/package/python-aiohttp/python-aiohttp.mk
+++ b/package/python-aiohttp/python-aiohttp.mk
@@ -4,9 +4,9 @@
#
################################################################################
-PYTHON_AIOHTTP_VERSION = 3.7.3
+PYTHON_AIOHTTP_VERSION = 3.7.4
PYTHON_AIOHTTP_SOURCE = aiohttp-$(PYTHON_AIOHTTP_VERSION).tar.gz
-PYTHON_AIOHTTP_SITE = https://files.pythonhosted.org/packages/68/96/40a765d7d68028c5a6d169b2747ea3f4828ec91a358a63818d468380521c
+PYTHON_AIOHTTP_SITE = https://files.pythonhosted.org/packages/7a/95/eb60aaad7943e18c9d091de93c9b0b5ed40aa67c7d5e3c5ee9b36f100a38
PYTHON_AIOHTTP_SETUP_TYPE = setuptools
PYTHON_AIOHTTP_LICENSE = Apache-2.0
PYTHON_AIOHTTP_LICENSE_FILES = LICENSE.txt
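Review bot: The new PYTHON_AIOHTTP_SITE value is an opaque per-file path on files.pythonhosted.org that cannot be derived from PYTHON_AIOHTTP_VERSION, so a reviewer cannot confirm by eye that it points at the 3.7.4 sdist; the sha256 in python-aiohttp.hash is the only thing tying this URL to the intended tarball. Since the commit message calls this a security bump for CVE-2021-21330, it should also say whether maintained stable branches still on 3.7.3 need the same two-line change, so the fix is not limited to master.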