summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch')
-rw-r--r--meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch5
1 files changed, 2 insertions, 3 deletions
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
index 3a0f4324a1..268a29b368 100644
--- a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
+++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch
@@ -27,15 +27,14 @@ diff --git a/CHANGES.rst b/CHANGES.rst
27index 6e809ba..13ef75b 100644 27index 6e809ba..13ef75b 100644
28--- a/CHANGES.rst 28--- a/CHANGES.rst
29+++ b/CHANGES.rst 29+++ b/CHANGES.rst
30@@ -4,6 +4,9 @@ 30@@ -4,6 +4,8 @@
31 ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS 31 ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS
32 attack where a larger number of form/file parts would result in disproportionate 32 attack where a larger number of form/file parts would result in disproportionate
33 resource use. 33 resource use.
34+- A cookie header that starts with ``=`` is treated as an empty key and discarded, 34+- A cookie header that starts with ``=`` is treated as an empty key and discarded,
35+ rather than stripping the leading ``==``. 35+ rather than stripping the leading ``==``.
36+
37 36
38 Version 2.1.1 37 Version 2.1.2
39 ------------- 38 -------------
40diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py 39diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py
41index a8b3523..d6290ba 100644 40index a8b3523..d6290ba 100644