[ubuntu/jammy-security] python-flask-cors 3.0.9-2ubuntu0.1 (Accepted)
Bruce Cable
bruce.cable at canonical.com
Wed Jul 2 04:25:09 UTC 2025
python-flask-cors (3.0.9-2ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: Unauthorized Cross-Origin Access
- debian/patches/CVE-2024-6839-1.patch: Sort paths by regex
specificity
- debian/patches/CVE-2024-6839-2.patch: Sort paths longest to
shortest
- debian/patches/CVE-2024-6839-3.patch: Rename "helper_tests.py" to
"test_helpers.py".
- CVE-2024-6839
* SECURITY UPDATE: Private Resource Exposure
- debian/patches/CVE-2024-6221.patch: Add option to allow
"Access-Control-Allow-Private-Network" CORS header to be false
- CVE-2024-6221
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2024-6866.patch: Implements case sensitive
request path matching
- CVE-2024-6866
* SECURITY UPDATE: Undefined CORS Policy Application
- debian/patches/CVE-2024-6844.patch: Fix incorrect path normalization
- CVE-2024-6844
* SECURITY UPDATE: Log Injection
- debian/patches/CVE-2024-1681.patch: Update extension.py to clean
request.path before logging it
- CVE-2024-1681
Date: 2025-07-01 01:00:47.560120+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
https://launchpad.net/ubuntu/+source/python-flask-cors/3.0.9-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list