Package: python-aiohttp / 3.5.1-1+deb10u1

Metadata

Package Version Patches format
python-aiohttp 3.5.1-1+deb10u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0002 Use local install of jquery.patch | (download)

examples/websocket.html | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use local install of jquery


0002 CVE 2021 21330 Prevent open redirects.patch | (download)

aiohttp/web_middlewares.py | 1 1 + 0 - 0 !
tests/test_web_middleware.py | 32 32 + 0 - 0 !
2 files changed, 33 insertions(+)

 cve-2021-21330: prevent open redirects
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

in the ``aiohttp.web.normalize_path_middleware`` middleware.

Thanks to `Beast Glatisant <https://github.com/g147>`__ for
finding the firstinstance of this issue and `Jelmer Vernoo
<https://jelmer.uk/>`__ for reporting and tracking it down
in aiohttp.

Bug-Upstream: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg