Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-RU-2022:3275-1

Опубликовано: 15 сент. 2022
Источник: suse-cvrf

Описание

Recommended update for python-aiohttp, python-typing_extensions

This update for python-aiohttp, python-typing_extensions fixes the following issues:

  • Include in SLE-15 (bsc#1197831)
  • Fixed required/optional keys with old-style TypedDict
  • Test in separate multibuild flavor to break depcycles with full python stdlib
  • Clean requirements specifications for python flavors
  • Add transitional typing-extensions provides
  • Fix tests for Python 3.9
  • Official support for Python 3.8 and 3.9
  • Fix build without python2 available
  • Fix isinstance() with generic protocol subclasses after subscripting
  • Fix tests for non-default interpreters
  • Use environment marker to specify typing dependency
  • Fix unions of protocols on Python 2

Список пакетов

Image SLES15-SP2-BYOS-Azure
python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP2-HPC-BYOS-Azure
python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP2-SAP-Azure
python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP2-SAP-BYOS-Azure
python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP3-BYOS-Azure
python3-aiohttp-3.6.0-150100.3.9.1
python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP3-HPC-BYOS-Azure
python3-aiohttp-3.6.0-150100.3.9.1
python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP3-SAP-BYOS-Azure
python3-aiohttp-3.6.0-150100.3.9.1
python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP3-SAPCAL-Azure
python3-aiohttp-3.6.0-150100.3.9.1
python3-typing_extensions-3.10.0.0-150100.3.3.1
SUSE Linux Enterprise Module for Public Cloud 15 SP1
python-aiohttp-doc-3.6.0-150100.3.9.1
python3-aiohttp-3.6.0-150100.3.9.1
python3-typing_extensions-3.10.0.0-150100.3.3.1
SUSE Linux Enterprise Module for Public Cloud 15 SP2
python-aiohttp-doc-3.6.0-150100.3.9.1
python3-aiohttp-3.6.0-150100.3.9.1
python3-typing_extensions-3.10.0.0-150100.3.3.1
SUSE Linux Enterprise Module for Public Cloud 15 SP3
python3-aiohttp-3.6.0-150100.3.9.1
python3-typing_extensions-3.10.0.0-150100.3.3.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4
python3-aiohttp-3.6.0-150100.3.9.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
python3-typing_extensions-3.10.0.0-150400.3.2.1
openSUSE Leap 15.3
python-aiohttp-doc-3.6.0-150100.3.9.1
python3-aiohttp-3.6.0-150100.3.9.1
openSUSE Leap 15.4
python-aiohttp-doc-3.6.0-150100.3.9.1
python3-aiohttp-3.6.0-150100.3.9.1
python3-typing_extensions-3.10.0.0-150400.3.2.1

Ссылки

Описание

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.

Затронутые продукты
Image SLES15-SP2-BYOS-Azure:python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP2-HPC-BYOS-Azure:python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP2-SAP-Azure:python3-typing_extensions-3.10.0.0-150100.3.3.1
Image SLES15-SP2-SAP-BYOS-Azure:python3-typing_extensions-3.10.0.0-150100.3.3.1
Ссылки