Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=walnascar 2025-07-27T18:35:10+00:00 2025-07-27T18:35:10+00:00 Jiaying Song jiaying.song.cn@windriver.com 2025-07-16T09:22:22+00:00 urn:sha1:59d381adcaf70ccae5e78a8a21e2afbc59a52165 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-53643 Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2025-04-06T15:47:56+00:00 Tom Geelen t.f.g.geelen@gmail.com 2025-04-05T20:14:01+00:00 urn:sha1:4e9de6f77c968cfd1cbf03c3d41314b2a7712cf0 Signed-off-by: Khem Raj <raj.khem@gmail.com>