diff options
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch')
| -rw-r--r-- | meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch index 3a0f4324a1..268a29b368 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch +++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch | |||
| @@ -27,15 +27,14 @@ diff --git a/CHANGES.rst b/CHANGES.rst | |||
| 27 | index 6e809ba..13ef75b 100644 | 27 | index 6e809ba..13ef75b 100644 |
| 28 | --- a/CHANGES.rst | 28 | --- a/CHANGES.rst |
| 29 | +++ b/CHANGES.rst | 29 | +++ b/CHANGES.rst |
| 30 | @@ -4,6 +4,9 @@ | 30 | @@ -4,6 +4,8 @@ |
| 31 | ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS | 31 | ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS |
| 32 | attack where a larger number of form/file parts would result in disproportionate | 32 | attack where a larger number of form/file parts would result in disproportionate |
| 33 | resource use. | 33 | resource use. |
| 34 | +- A cookie header that starts with ``=`` is treated as an empty key and discarded, | 34 | +- A cookie header that starts with ``=`` is treated as an empty key and discarded, |
| 35 | + rather than stripping the leading ``==``. | 35 | + rather than stripping the leading ``==``. |
| 36 | + | ||
| 37 | 36 | ||
| 38 | Version 2.1.1 | 37 | Version 2.1.2 |
| 39 | ------------- | 38 | ------------- |
| 40 | diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py | 39 | diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py |
| 41 | index a8b3523..d6290ba 100644 | 40 | index a8b3523..d6290ba 100644 |
