Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=walnascar 2025-09-06T14:17:15+00:00 2025-09-06T14:17:15+00:00 Robert Yang liezhi.yang@windriver.com 2025-08-08T03:46:47+00:00 urn:sha1:4b8d8d7f180de40f0a096d3d2bf02067f69bfe05 Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> 2025-07-27T18:35:10+00:00 Jiaying Song jiaying.song.cn@windriver.com 2025-07-16T09:22:22+00:00 urn:sha1:59d381adcaf70ccae5e78a8a21e2afbc59a52165 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-53643 Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>