[ubuntu/oracular-security] python-flask-cors 4.0.1-1ubuntu0.1 (Accepted)
Bruce Cable
bruce.cable at canonical.com
Wed Jul 2 04:25:07 UTC 2025
python-flask-cors (4.0.1-1ubuntu0.1) oracular-security; urgency=medium
* SECURITY UPDATE: Unauthorized Cross-Origin Access
- debian/patches/CVE-2024-6839-1.patch: Sort paths by regex
specificity
- debian/patches/CVE-2024-6839-2.patch: Sort paths longest to
shortest
- debian/patches/CVE-2024-6839-3.patch: Rename "helper_tests.py" to
"test_helpers.py".
- CVE-2024-6839
* SECURITY UPDATE: Private Resource Exposure
- debian/patches/CVE-2024-6221.patch: Add option to allow
"Access-Control-Allow-Private-Network" CORS header to be false
- CVE-2024-6221
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2024-6866.patch: Implements case sensitive
request path matching
- CVE-2024-6866
* SECURITY UPDATE: Undefined CORS Policy Application
- debian/patches/CVE-2024-6844.patch: Fix incorrect path normalization
- CVE-2024-6844
Date: 2025-07-01 01:01:01.927367+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
https://launchpad.net/ubuntu/+source/python-flask-cors/4.0.1-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the oracular-changes
mailing list