Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95c0e5ca9571ec1c8b82109588e0087d00a70b95
rpi-buildroot/package/python-aiohttp/python-aiohttp.hash
Titouan Christophe 9a36561fdf package/python-aiohttp: security bump to v3.12.14 
This fixes the following vulnerability:
- CVE-2025-53643:
    In aiohttp prior to version 3.12.14, the Python parser is vulnerable
    to a request smuggling vulnerability due to not parsing trailer
    sections of an HTTP request. If a pure Python version of aiohttp is
    installed (i.e. without the usual C extensions) or
    AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to
    execute a request smuggling attack to bypass certain firewalls or
    proxy protections. Version 3.12.14 contains a patch for this issue.
    https://www.cve.org/CVERecord?id=CVE-2025-53643

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
(cherry picked from commit e4451602eb)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
2025-08-07 11:06:00 +02:00

6 lines
335 B
Plaintext
Raw Blame History

# md5, sha256 from https://pypi.org/pypi/aiohttp/json
md5 4ed66dcec63108ae3a7c01d0415b4dd9 aiohttp-3.12.14.tar.gz
sha256 6e06e120e34d93100de448fd941522e11dafa78ef1a893c179901b7d66aa29f2 aiohttp-3.12.14.tar.gz
# Locally computed sha256 checksums
sha256 9f80d0db7d755a941db4572172c270ecbd8f082ba215ddd095985942ed94a9eb LICENSE.txt
Reference in New Issue View Git Blame Copy Permalink