Publishing details

Published on 2023-03-13
Copied from ubuntu jammy in PPA for Ubuntu Security Proposed by Fabian Toepfer

Changelog

python-werkzeug (2.0.2+dfsg1-1ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Shadow cookie with nameless cookie
    - debian/patches/CVE-2023-23934.patch: don't strip leading = when
      parsing cookie.
    - CVE-2023-23934
  * SECURITY UPDATE: DoS when processing unlimited multipart form data parts
    - debian/patches/CVE-2023-25577.patch: limit the maximum number of
      multipart form parts.
    - CVE-2023-25577

 -- Fabian Toepfer <email address hidden>  Fri, 10 Mar 2023 13:55:03 +0100

Available diffs

diff from 2.0.2+dfsg1-1 (in Debian) to 2.0.2+dfsg1-1ubuntu0.22.04.1 (3.7 KiB)

Builds

amd64

Built packages

python-werkzeug-doc documentation for the werkzeug Python library (docs)

python3-werkzeug collection of utilities for WSGI applications (Python 3.x)

Package files

python-werkzeug-doc_2.0.2+dfsg1-1ubuntu0.22.04.1_all.deb (608.9 KiB)
python-werkzeug_2.0.2+dfsg1-1ubuntu0.22.04.1.debian.tar.xz (10.8 KiB)
python-werkzeug_2.0.2+dfsg1-1ubuntu0.22.04.1.dsc (2.6 KiB)
python-werkzeug_2.0.2+dfsg1.orig.tar.xz (727.0 KiB)
python3-werkzeug_2.0.2+dfsg1-1ubuntu0.22.04.1_all.deb (176.5 KiB)