Oval Definition:	oval:org.opensuse.security:def:53028
Revision Date: 2020-12-01 Version: 1 Title: Security update for python-waitress (Moderate) Description: This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). - CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670). Family: unix Class: patch Status: Reference(s): 1005091 1012677 1141122 1157119 1160673 1160790 1160922 1161088 1161089 1161670 915545 921753 952871 963415 965875 968046 968048 968051 968053 968374 982014 995964 CVE-2007-5970 CVE-2008-3522 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2008-7247 CVE-2009-2694 CVE-2009-2703 CVE-2009-3026 CVE-2009-3083 CVE-2009-3084 CVE-2009-3085 CVE-2009-3615 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2009-4492 CVE-2010-0013 CVE-2010-0277 CVE-2010-0420 CVE-2010-0423 CVE-2010-0541 CVE-2010-1624 CVE-2010-2528 CVE-2010-3711 CVE-2010-5298 CVE-2011-1004 CVE-2011-1005 CVE-2011-1091 CVE-2011-3594 CVE-2011-4516 CVE-2011-4517 CVE-2011-4815 CVE-2012-0035 CVE-2012-2214 CVE-2012-2737 CVE-2012-3374 CVE-2012-5134 CVE-2012-5615 CVE-2012-6152 CVE-2013-0271 CVE-2013-0272 CVE-2013-0273 CVE-2013-0274 CVE-2013-1976 CVE-2013-6477 CVE-2013-6478 CVE-2013-6479 CVE-2013-6481 CVE-2013-6482 CVE-2013-6483 CVE-2013-6484 CVE-2013-6485 CVE-2013-6486 CVE-2013-6487 CVE-2014-0020 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-2494 CVE-2014-2892 CVE-2014-3421 CVE-2014-3422 CVE-2014-3423 CVE-2014-3424 CVE-2014-3470 CVE-2014-3694 CVE-2014-3695 CVE-2014-3696 CVE-2014-3697 CVE-2014-3698 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-8964 CVE-2014-9029 CVE-2014-9654 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-2265 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-3152 CVE-2015-3197 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5203 CVE-2015-5221 CVE-2015-5969 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 CVE-2016-0739 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 CVE-2016-10251 CVE-2016-1577 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-1867 CVE-2016-2047 CVE-2016-2089 CVE-2016-2116 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-5104 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7098 CVE-2016-7440 CVE-2016-8283 CVE-2016-8654 CVE-2016-8690 CVE-2016-8691 CVE-2016-8692 CVE-2016-8693 CVE-2016-8880 CVE-2016-8881 CVE-2016-8882 CVE-2016-8883 CVE-2016-8884 CVE-2016-8885 CVE-2016-8886 CVE-2016-8887 CVE-2016-9262 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9395 CVE-2016-9398 CVE-2016-9560 CVE-2016-9583 CVE-2016-9591 CVE-2016-9600 CVE-2017-1000050 CVE-2017-10268 CVE-2017-10320 CVE-2017-10365 CVE-2017-10378 CVE-2017-15365 CVE-2017-2640 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-5498 CVE-2017-6850 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2759 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2777 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-9055 CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792 CVE-2019-18904 SUSE-SU-2015:0805-1 SUSE-SU-2016:0625-1 SUSE-SU-2016:0641-1 SUSE-SU-2016:1639-1 SUSE-SU-2016:3268-1 SUSE-SU-2020:0278-1 SUSE-SU-2020:3269-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 SUSE Linux Enterprise Module for Public Cloud 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information libcroco-0_6-3-0.6.12-lp150.2 is installed OR libcroco-0_6-3-32bit-0.6.12-lp150.2 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information kernel-firmware-20190618-lp151.2.6 is installed OR ucode-amd-20190618-lp151.2.6 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-24.2.0esr-0.7 is installed OR MozillaFirefox-branding-SLED-24-0.7 is installed OR MozillaFirefox-translations-24.2.0esr-0.7 is installed OR libfreebl3-3.15.3.1-0.7 is installed OR libfreebl3-32bit-3.15.3.1-0.7 is installed OR libsoftokn3-3.15.3.1-0.7 is installed OR libsoftokn3-32bit-3.15.3.1-0.7 is installed OR mozilla-nss-3.15.3.1-0.7 is installed OR mozilla-nss-32bit-3.15.3.1-0.7 is installed OR mozilla-nss-tools-3.15.3.1-0.7 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information compat-openssl097g-0.9.7g-146.22.41 is installed OR compat-openssl097g-32bit-0.9.7g-146.22.41 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information cups-filters-1.0.58-5 is installed OR cups-filters-cups-browsed-1.0.58-5 is installed OR cups-filters-foomatic-rip-1.0.58-5 is installed OR cups-filters-ghostscript-1.0.58-5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND ruby-2.1-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information emacs-24.3-16 is installed OR emacs-info-24.3-16 is installed OR emacs-x11-24.3-16 is installed OR etags-24.3-16 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information finch-2.12.0-1 is installed OR libpurple-2.12.0-1 is installed OR libpurple-branding-upstream-2.12.0-1 is installed OR libpurple-lang-2.12.0-1 is installed OR libpurple-plugin-sametime-2.12.0-1 is installed OR libpurple-tcl-2.12.0-1 is installed OR pidgin-2.12.0-1 is installed Definition Synopsis SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 is installed AND Package Information python-waitress-1.4.3-3.3 is installed OR python2-waitress-1.4.3-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed AND Package Information rmt-server-2.5.2-3.9 is installed OR rmt-server-pubcloud-2.5.2-3.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information gdk-pixbuf-lang-2.30.6-1 is installed OR gdk-pixbuf-query-loaders-2.30.6-1 is installed OR gdk-pixbuf-query-loaders-32bit-2.30.6-1 is installed OR libgdk_pixbuf-2_0-0-2.30.6-1 is installed OR libgdk_pixbuf-2_0-0-32bit-2.30.6-1 is installed OR typelib-1_0-GdkPixbuf-2_0-2.30.6-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information evince-3.10.3-2.3 is installed OR evince-lang-3.10.3-2.3 is installed OR libevdocument3-4-3.10.3-2.3 is installed OR libevview3-3-3.10.3-2.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND apache2-mod_perl-2.0.8-11 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information jakarta-commons-fileupload-1.1.1-122.3 is installed OR jakarta-commons-fileupload-javadoc-1.1.1-122.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information openssh-7.2p2-74.25 is installed OR openssh-askpass-gnome-7.2p2-74.25 is installed OR openssh-fips-7.2p2-74.25 is installed OR openssh-helpers-7.2p2-74.25 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_90-92_50-default-11-2 is installed OR kgraft-patch-SLE12-SP2_Update_15-11-2 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP3 is installed AND kernel-default-4.4.180-94.100 is installed OR kernel-default-base-4.4.180-94.100 is installed OR kernel-default-devel-4.4.180-94.100 is installed OR kernel-default-man-4.4.180-94.100 is installed OR kernel-devel-4.4.180-94.100 is installed OR kernel-macros-4.4.180-94.100 is installed OR kernel-source-4.4.180-94.100 is installed OR kernel-syms-4.4.180-94.100 is installed OR kgraft-patch-4_4_180-94_100-default-1-4.3 is installed OR kgraft-patch-SLE12-SP3_Update_27-1-4.3 is installed OR Package Information SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND kernel-default-4.4.180-94.100 is installed OR kernel-default-base-4.4.180-94.100 is installed OR kernel-default-devel-4.4.180-94.100 is installed OR kernel-default-man-4.4.180-94.100 is installed OR kernel-devel-4.4.180-94.100 is installed OR kernel-macros-4.4.180-94.100 is installed OR kernel-source-4.4.180-94.100 is installed OR kernel-syms-4.4.180-94.100 is installed OR kgraft-patch-4_4_180-94_100-default-1-4.3 is installed OR kgraft-patch-SLE12-SP3_Update_27-1-4.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information java-1_8_0-openjdk-1.8.0.131-26 is installed OR java-1_8_0-openjdk-demo-1.8.0.131-26 is installed OR java-1_8_0-openjdk-devel-1.8.0.131-26 is installed OR java-1_8_0-openjdk-headless-1.8.0.131-26 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information glib2-2.48.2-12.15 is installed OR glib2-lang-2.48.2-12.15 is installed OR glib2-tools-2.48.2-12.15 is installed OR libgio-2_0-0-2.48.2-12.15 is installed OR libgio-2_0-0-32bit-2.48.2-12.15 is installed OR libglib-2_0-0-2.48.2-12.15 is installed OR libglib-2_0-0-32bit-2.48.2-12.15 is installed OR libgmodule-2_0-0-2.48.2-12.15 is installed OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed OR libgobject-2_0-0-2.48.2-12.15 is installed OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed OR libgthread-2_0-0-2.48.2-12.15 is installed OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information dovecot22-2.2.31-19.17 is installed OR dovecot22-backend-mysql-2.2.31-19.17 is installed OR dovecot22-backend-pgsql-2.2.31-19.17 is installed OR dovecot22-backend-sqlite-2.2.31-19.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information openslp-2.0.0-18.17 is installed OR openslp-32bit-2.0.0-18.17 is installed OR openslp-server-2.0.0-18.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information bluez-5.13-5.4 is installed OR libbluetooth3-5.13-5.4 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information kernel-default-3.12.74-60.64.48 is installed OR kernel-default-base-3.12.74-60.64.48 is installed OR kernel-default-devel-3.12.74-60.64.48 is installed OR kernel-devel-3.12.74-60.64.48 is installed OR kernel-macros-3.12.74-60.64.48 is installed OR kernel-source-3.12.74-60.64.48 is installed OR kernel-syms-3.12.74-60.64.48 is installed OR kernel-xen-3.12.74-60.64.48 is installed OR kernel-xen-base-3.12.74-60.64.48 is installed OR kernel-xen-devel-3.12.74-60.64.48 is installed OR kgraft-patch-3_12_74-60_64_48-default-1-2 is installed OR kgraft-patch-3_12_74-60_64_48-xen-1-2 is installed OR kgraft-patch-SLE12-SP1_Update_17-1-2 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information libsoup-2.62.2-5.7 is installed OR libsoup-2_4-1-2.62.2-5.7 is installed OR libsoup-2_4-1-32bit-2.62.2-5.7 is installed OR libsoup-lang-2.62.2-5.7 is installed OR typelib-1_0-Soup-2_4-2.62.2-5.7 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information ardana-monasca-8.0+git.1535031421.9262a47-3.12 is installed OR ardana-spark-8.0+git.1534267176.a5f3a22-3.6 is installed OR kafka-0.10.2.2-5.6 is installed OR openstack-monasca-api-2.2.1~dev24-3.6 is installed OR python-monasca-api-2.2.1~dev24-3.6 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information gcc9-9.2.1+r275327-1.3 is installed OR libasan5-9.2.1+r275327-1.3 is installed OR libasan5-32bit-9.2.1+r275327-1.3 is installed OR libatomic1-9.2.1+r275327-1.3 is installed OR libatomic1-32bit-9.2.1+r275327-1.3 is installed OR libgcc_s1-9.2.1+r275327-1.3 is installed OR libgcc_s1-32bit-9.2.1+r275327-1.3 is installed OR libgfortran5-9.2.1+r275327-1.3 is installed OR libgfortran5-32bit-9.2.1+r275327-1.3 is installed OR libgo14-9.2.1+r275327-1.3 is installed OR libgo14-32bit-9.2.1+r275327-1.3 is installed OR libgomp1-9.2.1+r275327-1.3 is installed OR libgomp1-32bit-9.2.1+r275327-1.3 is installed OR libitm1-9.2.1+r275327-1.3 is installed OR libitm1-32bit-9.2.1+r275327-1.3 is installed OR liblsan0-9.2.1+r275327-1.3 is installed OR libquadmath0-9.2.1+r275327-1.3 is installed OR libquadmath0-32bit-9.2.1+r275327-1.3 is installed OR libstdc++6-9.2.1+r275327-1.3 is installed OR libstdc++6-32bit-9.2.1+r275327-1.3 is installed OR libstdc++6-locale-9.2.1+r275327-1.3 is installed OR libtsan0-9.2.1+r275327-1.3 is installed OR libubsan1-9.2.1+r275327-1.3 is installed OR libubsan1-32bit-9.2.1+r275327-1.3 is installed
BACK