[Git][security-tracker-team/security-tracker][master] Reserve DLA-4613-1 for python-aiohttp

Daniel Leidert (@dleidert) dleidert at debian.org
Mon Jun 1 05:43:04 BST 2026



Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d407f8b5 by Daniel Leidert at 2026-06-01T06:42:51+02:00
Reserve DLA-4613-1 for python-aiohttp

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -138357,7 +138357,6 @@ CVE-2025-53643 (AIOHTTP is an asynchronous HTTP client/server framework for asyn
 	- python-aiohttp 3.12.15-1 (bug #1109336)
 	[trixie] - python-aiohttp <no-dsa> (Minor issue)
 	[bookworm] - python-aiohttp <no-dsa> (Minor issue)
-	[bullseye] - python-aiohttp <postponed> (Minor issue; request smuggling)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
 	NOTE: https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a (v3.12.14)
 CVE-2025-7628 (A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fb ...)
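
Review bot: the dropped `[bullseye] - python-aiohttp <postponed>` line under CVE-2025-53643 is the only change to data/CVE/list, while the DLA-4613-1 entry added in data/DLA/list names 16 CVEs. Please check that none of the other 15 entries still carries a `[bullseye] - python-aiohttp` annotation such as `<postponed>` or `<no-dsa>`, which would now be stale next to the fixed version 3.7.4-1+deb11u2; if any do, remove them in the same commit.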


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Jun 2026] DLA-4613-1 python-aiohttp - security update
+	{CVE-2025-53643 CVE-2025-69224 CVE-2025-69225 CVE-2025-69226 CVE-2025-69227 CVE-2025-69228 CVE-2025-69229 CVE-2026-22815 CVE-2026-34513 CVE-2026-34514 CVE-2026-34516 CVE-2026-34517 CVE-2026-34518 CVE-2026-34519 CVE-2026-34520 CVE-2026-34525}
+	[bullseye] - python-aiohttp 3.7.4-1+deb11u2
 [31 May 2026] DLA-4612-1 sentry-python - security update
 	{CVE-2024-40647}
 	[bullseye] - sentry-python 0.13.2-1+deb11u1
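
Review bot: the CVE set in braces on the DLA-4613-1 entry goes from CVE-2026-34514 straight to CVE-2026-34516, skipping CVE-2026-34515, and likewise jumps from CVE-2026-34520 to CVE-2026-34525. If any of the skipped ids belong to the same python-aiohttp batch, confirm the omission is intentional and record in data/CVE/list why the bullseye version is not affected; otherwise no change is needed.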


=====================================
data/dla-needed.txt
=====================================
@@ -484,10 +484,6 @@ pypdf2 (dleidert)
   NOTE: 20260328: Added by Front-Desk (Beuc)
   NOTE: 20260328: 6 new CVEs, and lots of postponed issues piled-up (Beuc/front-desk)
 --
-python-aiohttp (dleidert)
-  NOTE: 20260106: Added by Front-Desk (lamby)
-  NOTE: 20260301: WIP: making progress backporting the patches (dleidert)
---
 qemu
   NOTE: 20260520: Added by Front-Desk (Beuc)
   NOTE: 20260520: Many postponed CVEs piled up (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d407f8b51a69cbdfe76f9c643df589c3696f3e46
