Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.announce.security > #4808

[SECURITY] [DSA 6141-1] python-aiohttp security update

From Moritz Muehlenhoff <jmm@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6141-1] python-aiohttp security update
Date 2026-05-01 17:40 +0200
Message-ID <MPY8a-1NMg-5@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6241-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 01, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-aiohttp
CVE ID         : CVE-2025-69223 CVE-2025-69224 CVE-2025-69225
                 CVE-2025-69226 CVE-2025-69227 CVE-2025-69228
		 CVE-2025-69229

Multiple security vulnerabilities were discovered in Python aiohttp, an
asynchronous HTTP client/server for asyncio, which could result in
denial of service, HTTP request smuggling or information disclosure.

For the stable distribution (trixie), these problems have been fixed in
version 3.11.16-1+deb13u1.

We recommend that you upgrade your python-aiohttp packages.

For the detailed security status of python-aiohttp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-aiohttp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn0xHYACgkQEMKTtsN8
TjYc0w/+NAYKHwob8Dp5MXRkGHmbGdJF5j4Bhb5PH++Fk4qAAGkxNlmqCL1NRnKB
W2QfsQtXAP6UDoTqqBcAeIVpYUnMb56eIRQsWYhAtHsEeZCd+hm4aFiK6ThIwzLV
2yqu6mtojGjEZph6u68ciDT6zUXQB/dKdhe9eurzje/5eJftW5ZqWwb7iDyZUHJg
WATtCdNx/UYpxq2djdcGdm3K+DGUFi6jxt6V6K1TissahnfzYCyP/fSpEZ9OOKPj
U7AiT6pBUv3tEzfOriMgZdDYDI8sonmTMQVg6cT7m9CRGUtapsjEMrLUu1M3L37y
0tjfy3zmHDa5/M7lOhKb2rN3scab9mG7GoxOvjfQlVSDxFORz9Xa3NmTP679Ya5/
A0uBSDDE9TYqV1DtBykzbIOondyrnbepNEfNH0KKlrpsTLoxfuitmUHxpwQIpDSJ
p9PT31EifurF1UVNhga7/pDsnysNnqDty5xLrSzuJrKqA4+3Bcdk/RI7PjuA8FWJ
4C+6ULkkowP9HnQRU7nTjJ/770UPgDplPmWB5OrpZGQogjimHygKd2M+gbWXlYQI
vjups4PFIIiZo6Cw8sSzNAkMYvmoilqA4j2cATMssUbv55zIU3QjOY7g1uihqkQS
WoF08ZQP30JTxpc+lW6gS9ITzF7fHvni6nmvZq2ATOv9ppG3rHk=
=bXVa
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6141-1] python-aiohttp security update Moritz Muehlenhoff <jmm@debian.org> - 2026-05-01 17:40 +0200

csiph-web