[ubuntu/plucky-security] python-flask-cors 5.0.0-1ubuntu0.1 (Accepted)
Bruce Cable
bruce.cable at canonical.com
Wed Jul 2 04:25:06 UTC 2025
python-flask-cors (5.0.0-1ubuntu0.1) plucky-security; urgency=medium
* SECURITY UPDATE: Unauthorized Cross-Origin Access
- debian/patches/CVE-2024-6839-1.patch: Sort paths by regex
specificity
- debian/patches/CVE-2024-6839-2.patch: Sort paths longest to
shortest
- debian/patches/CVE-2024-6839-3.patch: Rename "helper_tests.py" to
"test_helpers.py".
- CVE-2024-6839
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2024-6866.patch: Implements case sensitive
request path matching
- CVE-2024-6866
* SECURITY UPDATE: Undefined CORS Policy Application
- debian/patches/CVE-2024-6844.patch: Fix incorrect path normalization
- CVE-2024-6844
Date: 2025-07-01 01:02:12.615895+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
https://launchpad.net/ubuntu/+source/python-flask-cors/5.0.0-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list