Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b2801c7bce1efbaeacedd1d9fb974ee4480c6782
rpi-buildroot/package/python-starlette/python-starlette.hash
Titouan Christophe 8945ea3e67 package/python-starlette: security bump to v0.47.2 
For release note, see:
https://github.com/encode/starlette/releases/tag/0.47.2

This fixes the following vulnerability:

- CVE-2025-54121:
    Starlette is a lightweight ASGI (Asynchronous Server Gateway
    Interface) framework/toolkit, designed for building async web services
    in Python. In versions 0.47.1 and below, when parsing a multi-part
    form with large files (greater than the default max spool size)
    starlette will block the main thread to roll the file over to disk.
    This blocks the event thread which means the application can't accept
    new connections. The UploadFile code has a minor bug where instead of
    just checking for self._in_memory, the logic should also check if the
    additional bytes will cause a rollover. The vulnerability is fixed in
    version 0.47.2.
    https://www.cve.org/CVERecord?id=CVE-2025-54121

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Reviewed-by: Marcus Hoffmann <buildroot@bubu1.eu>
[Julien: add link to release note]
Signed-off-by: Julien Olivain <ju.o@free.fr>
2025-07-22 19:12:41 +02:00

6 lines
338 B
Plaintext
Raw Blame History

# md5, sha256 from https://pypi.org/pypi/starlette/json
md5 b58c9f8d38df9946689cb3e9f94555da starlette-0.47.2.tar.gz
sha256 6ae9aa5db235e4846decc1e7b79c4f346adf41e9777aebeb49dfd09bbd7023d8 starlette-0.47.2.tar.gz
# Locally computed sha256 checksums
sha256 dcb95677a02240243187e964f941847d19b17821cf99e5afae684fab328c19bf LICENSE.md
Reference in New Issue View Git Blame Copy Permalink