Oval Definition:	oval:org.opensuse.security:def:53055
Revision Date: 2020-12-01 Version: 1 Title: Security update for python-waitress (Moderate) Description: This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). - CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670). Family: unix Class: patch Status: Reference(s): 1158108 1158109 1160790 1161088 1161089 1161670 924208 957531 970547 971964 983232 983234 983253 983259 983292 983305 983308 983521 983523 983527 983533 983739 983746 983752 983774 983794 983796 983799 983803 984014 984018 984023 984028 984032 984035 984135 984137 984142 984144 984145 984149 984150 984160 984166 984172 984179 984181 984183 984184 984185 984186 984187 984191 984193 984370 984372 984373 984374 984375 984379 984394 984398 984400 984401 984404 984406 984408 984409 984427 984433 984436 985442 985448 985451 985456 985460 986608 986609 CVE-2009-0163 CVE-2009-2820 CVE-2009-2905 CVE-2009-3553 CVE-2010-0393 CVE-2010-0540 CVE-2010-0542 CVE-2010-1748 CVE-2010-2935 CVE-2010-2936 CVE-2010-2941 CVE-2011-1898 CVE-2011-2199 CVE-2012-0029 CVE-2012-0217 CVE-2012-2369 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5519 CVE-2012-5519 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2012-6094 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1922 CVE-2013-1952 CVE-2013-1986 CVE-2013-2007 CVE-2013-3495 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2014-0222 CVE-2014-0247 CVE-2014-2856 CVE-2014-3124 CVE-2014-3524 CVE-2014-3537 CVE-2014-3564 CVE-2014-3575 CVE-2014-3615 CVE-2014-3693 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-5146 CVE-2014-5149 CVE-2014-6268 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-8146 CVE-2014-8147 CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 CVE-2014-9065 CVE-2014-9066 CVE-2014-9093 CVE-2014-9679 CVE-2014-9805 CVE-2014-9806 CVE-2014-9807 CVE-2014-9808 CVE-2014-9809 CVE-2014-9810 CVE-2014-9811 CVE-2014-9812 CVE-2014-9813 CVE-2014-9814 CVE-2014-9815 CVE-2014-9816 CVE-2014-9817 CVE-2014-9818 CVE-2014-9819 CVE-2014-9820 CVE-2014-9821 CVE-2014-9822 CVE-2014-9823 CVE-2014-9824 CVE-2014-9825 CVE-2014-9826 CVE-2014-9828 CVE-2014-9829 CVE-2014-9830 CVE-2014-9831 CVE-2014-9832 CVE-2014-9833 CVE-2014-9834 CVE-2014-9835 CVE-2014-9836 CVE-2014-9837 CVE-2014-9838 CVE-2014-9839 CVE-2014-9840 CVE-2014-9841 CVE-2014-9842 CVE-2014-9843 CVE-2014-9844 CVE-2014-9845 CVE-2014-9846 CVE-2014-9847 CVE-2014-9848 CVE-2014-9849 CVE-2014-9850 CVE-2014-9851 CVE-2014-9852 CVE-2014-9853 CVE-2014-9854 CVE-2015-0361 CVE-2015-1158 CVE-2015-1158 CVE-2015-1159 CVE-2015-1159 CVE-2015-2044 CVE-2015-2045 CVE-2015-2151 CVE-2015-2152 CVE-2015-2751 CVE-2015-2752 CVE-2015-2756 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-4551 CVE-2015-5154 CVE-2015-5212 CVE-2015-5213 CVE-2015-5214 CVE-2015-5239 CVE-2015-5307 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2015-8327 CVE-2015-8833 CVE-2015-8894 CVE-2015-8895 CVE-2015-8896 CVE-2015-8897 CVE-2015-8898 CVE-2015-8900 CVE-2015-8901 CVE-2015-8902 CVE-2015-8903 CVE-2016-0794 CVE-2016-0795 CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0963 CVE-2016-0986 CVE-2016-0987 CVE-2016-0988 CVE-2016-0989 CVE-2016-0990 CVE-2016-0991 CVE-2016-0992 CVE-2016-0993 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 CVE-2016-1001 CVE-2016-1002 CVE-2016-1005 CVE-2016-1010 CVE-2016-3190 CVE-2016-4324 CVE-2016-4562 CVE-2016-4563 CVE-2016-4564 CVE-2016-5687 CVE-2016-5688 CVE-2016-5689 CVE-2016-5690 CVE-2016-5691 CVE-2016-5841 CVE-2016-5842 CVE-2016-7947 CVE-2016-7948 CVE-2016-9445 CVE-2016-9446 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 CVE-2017-18190 CVE-2017-18248 CVE-2017-5843 CVE-2017-5848 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 CVE-2019-14861 CVE-2019-14870 CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792 SUSE-SU-2015:1041-1 SUSE-SU-2016:0092-1 SUSE-SU-2016:0715-1 SUSE-SU-2016:1100-1 SUSE-SU-2016:1784-1 SUSE-SU-2019:3319-1 SUSE-SU-2020:3269-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 SUSE Linux Enterprise Module for Python2 packages 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information libjavascriptcoregtk-4_0-18-2.20.2-lp150.1 is installed OR libwebkit2gtk-4_0-37-2.20.2-lp150.1 is installed OR libwebkit2gtk3-lang-2.20.2-lp150.1 is installed OR typelib-1_0-JavaScriptCore-4_0-2.20.2-lp150.1 is installed OR typelib-1_0-WebKit2-4_0-2.20.2-lp150.1 is installed OR webkit2gtk-4_0-injected-bundles-2.20.2-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libzstd-devel-1.4.2-lp151.3.3 is installed OR libzstd-devel-static-1.4.2-lp151.3.3 is installed OR libzstd1-1.4.2-lp151.3.3 is installed OR libzstd1-32bit-1.4.2-lp151.3.3 is installed OR zstd-1.4.2-lp151.3.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information libldb1-3.6.3-0.33.39 is installed OR libldb1-32bit-3.6.3-0.33.39 is installed OR libsmbclient0-3.6.3-0.33.39 is installed OR libsmbclient0-32bit-3.6.3-0.33.39 is installed OR libtalloc1-3.4.3-1.50 is installed OR libtalloc1-32bit-3.4.3-1.50 is installed OR libtalloc2-3.6.3-0.33.39 is installed OR libtalloc2-32bit-3.6.3-0.33.39 is installed OR libtdb1-3.6.3-0.33.39 is installed OR libtdb1-32bit-3.6.3-0.33.39 is installed OR libtevent0-3.6.3-0.33.39 is installed OR libtevent0-32bit-3.6.3-0.33.39 is installed OR libwbclient0-3.6.3-0.33.39 is installed OR libwbclient0-32bit-3.6.3-0.33.39 is installed OR samba-3.6.3-0.33.39 is installed OR samba-32bit-3.6.3-0.33.39 is installed OR samba-client-3.6.3-0.33.39 is installed OR samba-client-32bit-3.6.3-0.33.39 is installed OR samba-doc-3.6.3-0.33.39 is installed OR samba-krb-printing-3.6.3-0.33.39 is installed OR samba-winbind-3.6.3-0.33.39 is installed OR samba-winbind-32bit-3.6.3-0.33.39 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information compat-openssl097g-0.9.7g-146.22.36 is installed OR compat-openssl097g-32bit-0.9.7g-146.22.36 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND fetchmail-6.3.8.90-13.20.21 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information cups-1.7.5-9 is installed OR cups-client-1.7.5-9 is installed OR cups-libs-1.7.5-9 is installed OR cups-libs-32bit-1.7.5-9 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information xen-4.5.1_12-2 is installed OR xen-kmp-default-4.5.1_12_k3.12.49_11-2 is installed OR xen-libs-4.5.1_12-2 is installed OR xen-libs-32bit-4.5.1_12-2 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information gpgme-1.5.1-1 is installed OR libgpgme11-1.5.1-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information gstreamer-plugins-bad-1.8.3-17 is installed OR gstreamer-plugins-bad-lang-1.8.3-17 is installed OR libgstadaptivedemux-1_0-0-1.8.3-17 is installed OR libgstbadaudio-1_0-0-1.8.3-17 is installed OR libgstbadbase-1_0-0-1.8.3-17 is installed OR libgstbadvideo-1_0-0-1.8.3-17 is installed OR libgstbasecamerabinsrc-1_0-0-1.8.3-17 is installed OR libgstcodecparsers-1_0-0-1.8.3-17 is installed OR libgstgl-1_0-0-1.8.3-17 is installed OR libgstmpegts-1_0-0-1.8.3-17 is installed OR libgstphotography-1_0-0-1.8.3-17 is installed OR libgsturidownloader-1_0-0-1.8.3-17 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information cups-1.7.5-20.17 is installed OR cups-client-1.7.5-20.17 is installed OR cups-libs-1.7.5-20.17 is installed OR cups-libs-32bit-1.7.5-20.17 is installed Definition Synopsis SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 is installed AND Package Information python-waitress-1.4.3-3.3 is installed OR python2-waitress-1.4.3-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed AND Package Information libsamba-policy0-4.9.5+git.224.86a8e66adea-3.18 is installed OR samba-4.9.5+git.224.86a8e66adea-3.18 is installed OR samba-ad-dc-4.9.5+git.224.86a8e66adea-3.18 is installed OR samba-dsdb-modules-4.9.5+git.224.86a8e66adea-3.18 is installed OR samba-libs-python-4.9.5+git.224.86a8e66adea-3.18 is installed OR samba-python-4.9.5+git.224.86a8e66adea-3.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information java-1_8_0-openjdk-1.8.0.65-1 is installed OR java-1_8_0-openjdk-demo-1.8.0.65-1 is installed OR java-1_8_0-openjdk-devel-1.8.0.65-1 is installed OR java-1_8_0-openjdk-headless-1.8.0.65-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_66-default-7-2 is installed OR kgraft-patch-3_12_74-60_64_66-xen-7-2 is installed OR kgraft-patch-SLE12-SP1_Update_23-7-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information cyrus-sasl-2.1.26-7 is installed OR cyrus-sasl-32bit-2.1.26-7 is installed OR cyrus-sasl-crammd5-2.1.26-7 is installed OR cyrus-sasl-crammd5-32bit-2.1.26-7 is installed OR cyrus-sasl-digestmd5-2.1.26-7 is installed OR cyrus-sasl-gssapi-2.1.26-7 is installed OR cyrus-sasl-gssapi-32bit-2.1.26-7 is installed OR cyrus-sasl-otp-2.1.26-7 is installed OR cyrus-sasl-otp-32bit-2.1.26-7 is installed OR cyrus-sasl-plain-2.1.26-7 is installed OR cyrus-sasl-plain-32bit-2.1.26-7 is installed OR cyrus-sasl-saslauthd-2.1.26-7 is installed OR cyrus-sasl-sqlauxprop-2.1.26-7 is installed OR cyrus-sasl-sqlauxprop-32bit-2.1.26-7 is installed OR libsasl2-3-2.1.26-7 is installed OR libsasl2-3-32bit-2.1.26-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information gpg2-2.0.24-9.3 is installed OR gpg2-lang-2.0.24-9.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_103-92_56-default-10-2 is installed OR kgraft-patch-SLE12-SP2_Update_17-10-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_90-92_45-default-7-2 is installed OR kgraft-patch-SLE12-SP2_Update_14-7-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libXv1-1.0.10-7 is installed OR libXv1-32bit-1.0.10-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND binutils-2.32-9.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information glib2-2.48.2-12.15 is installed OR glib2-lang-2.48.2-12.15 is installed OR glib2-tools-2.48.2-12.15 is installed OR libgio-2_0-0-2.48.2-12.15 is installed OR libgio-2_0-0-32bit-2.48.2-12.15 is installed OR libglib-2_0-0-2.48.2-12.15 is installed OR libglib-2_0-0-32bit-2.48.2-12.15 is installed OR libgmodule-2_0-0-2.48.2-12.15 is installed OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed OR libgobject-2_0-0-2.48.2-12.15 is installed OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed OR libgthread-2_0-0-2.48.2-12.15 is installed OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND atftp-0.7.0-160.8 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information alsa-1.0.27.2-15 is installed OR alsa-docs-1.0.27.2-15 is installed OR libasound2-1.0.27.2-15 is installed OR libasound2-32bit-1.0.27.2-15 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND python-PyYAML-3.10-15 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information LibVNCServer-0.9.9-17.11 is installed OR libvncclient0-0.9.9-17.11 is installed OR libvncserver0-0.9.9-17.11 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information glib2-2.48.2-12.15 is installed OR glib2-lang-2.48.2-12.15 is installed OR glib2-tools-2.48.2-12.15 is installed OR libgio-2_0-0-2.48.2-12.15 is installed OR libgio-2_0-0-32bit-2.48.2-12.15 is installed OR libglib-2_0-0-2.48.2-12.15 is installed OR libglib-2_0-0-32bit-2.48.2-12.15 is installed OR libgmodule-2_0-0-2.48.2-12.15 is installed OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed OR libgobject-2_0-0-2.48.2-12.15 is installed OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed OR libgthread-2_0-0-2.48.2-12.15 is installed OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information python-cffi-1.11.2-5.11 is installed OR python-cryptography-2.1.4-7.28 is installed OR python-xattr-0.7.5-6.3 is installed OR python3-cffi-1.11.2-5.11 is installed OR python3-cryptography-2.1.4-7.28 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND python-Django1-1.11.20-3.3 is installed
BACK