Package: python-flask-cors / 3.0.10-2+deb12u1

Metadata

Package: python-flask-cors
Version: 3.0.10-2+deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
debian hacks/Privacy Remove linking to external resources.patch

README.rst | 12 0 + 12 - 0 !
1 file changed, 12 deletions(-)

 privacy: remove linking to external resources

We don't need these links to external graphics.

debian hacks/README Link to internal HTML resource.patch

README.rst | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 readme: link to internal html resource

No need to link to any external resource, the goal and intended behavior
is to provide all HTML documentation locally.

upstream/Spelling Fix misspelled word conjuction.patch

flask_cors/decorator.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 spelling: fix misspelled word conjuction


upstream/Spelling Fix misspelled word maching.patch

docs/configuration.rst | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 spelling: fix misspelled word maching


debian hacks/docs Use local inventory for Python3.patch

docs/conf.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 docs: use local inventory for python3

Patch requires package python3-doc to be installed.

CVE 2024 1681.patch

flask_cors/extension.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 update extension.py to clean request.path before logging it (#351)

* Update extension.py to use string format specifier for cleaning request.path

CVE 2024 6866.patch

flask_cors/core.py | 47 28 + 19 - 0 !
flask_cors/extension.py | 2 1 + 1 - 0 !
tests/core/helper_tests.py | 9 6 + 3 - 0 !
3 files changed, 35 insertions(+), 23 deletions(-)

 [patch] [cve-2024-6866] case sensitive request path matching (#390)

* [CVE-2024-6866] Case Sensitive Request Path Matching

* Update flask_cors/core.py

Co-authored-by: Cory Dolphin <corydolphin@gmail.com>

CVE 2024 6839 1.patch

flask_cors/core.py | 21 11 + 10 - 0 !
tests/core/helper_tests.py | 2 1 + 1 - 0 !
2 files changed, 12 insertions(+), 11 deletions(-)

 [patch] [cve-2024-6839] sort paths by regex specificity (#391)

CVE 2024 6839 2.patch

flask_cors/core.py | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch] sort paths longest to shortest.

Previously, path sort length was inverted, with short paths before long
ones; this led to a path like `/*` being handled *before* a path like
`/foo/bar/baz`, which is exactly what we didn't want. This was tested,
but the test was misnamed and so wasn't picked up by pytest.

CVE 2024 6844.patch

flask_cors/extension.py | 6 3 + 3 - 0 !
tests/extension/test_app_extension.py | 56 56 + 0 - 0 !
2 files changed, 59 insertions(+), 3 deletions(-)

 [patch] [cve-2024-6844] replace use of (urllib) unquote_plus with
 unquote for paths (#389)