[Git][security-tracker-team/security-tracker][master] Add new python-aiohttp issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 22 21:18:48 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb52c237 by Salvatore Bonaccorso at 2026-06-22T22:18:23+02:00
Add new python-aiohttp issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,21 +105,37 @@ CVE-2026-54282 (Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.
 	NOTE: https://github.com/Kludex/starlette/pull/3326
 	NOTE: Fixed by: https://github.com/Kludex/starlette/commit/167b5850e809f38b27fbfed62d58bf6442855975 (1.3.0)
 CVE-2026-54280 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
-	TODO: check
+	- python-aiohttp 3.14.1-1
+	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9x8q-7h8h-wcw9
+	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/a762eda5242f6490d6ba667533193f8b473ad587 (v3.14.1)
 CVE-2026-54279 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
-	TODO: check
+	- python-aiohttp 3.14.1-1
+	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-2fqr-mr3j-6wp8
+	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/a329a7aacad5284f087af36103aff778746da0f2 (v3.14.1)
 CVE-2026-54278 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
-	TODO: check
+	- python-aiohttp 3.14.1-1
+	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g3cq-j2xw-wf74
+	NOTE: Fixed by; https://github.com/aio-libs/aiohttp/commit/4f7480e474cccc6a8cc2c92ad3f17a31dedf8232 (v3.14.1)
 CVE-2026-54277 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
-	TODO: check
+	- python-aiohttp 3.14.1-1
+	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hw-fmq6-xxg2
+	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/5ab61bb4cd88f19b712f12c7c9295fe262bf804d (v3.14.1)
 CVE-2026-54276 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
-	TODO: check
+	- python-aiohttp 3.14.1-1
+	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hpj7-wq8m-9hgp
+	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/38d16060037e1bfcd6d677abababa3c2a4bb58fa (v3.14.1)
 CVE-2026-54275 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
-	TODO: check
+	- python-aiohttp 3.14.1-1
+	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-4m7w-qmgq-4wj5
+	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/0ca2b6c28a25726527a8b60f25960262a91ed0e0 (v3.14.1)
 CVE-2026-54274 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
-	TODO: check
+	- python-aiohttp 3.14.1-1
+	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xcgm-r5h9-7989
+	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/14b6ee851fb16ec199acb950de0c82d476799e7d (v3.14.1)
 CVE-2026-54273 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
-	TODO: check
+	- python-aiohttp 3.14.1-1
+	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-4fvr-rgm6-gqmc
+	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/dfdfa9d5aad5d21f91c79fb2ceeba0f8046cb6cf (v3.14.1)
 CVE-2026-54271 (protobufjs-cli is the command line add-on for protobuf.js. Prior to 1. ...)
 	TODO: check
 CVE-2026-54270 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
@@ -171,7 +187,9 @@ CVE-2026-50556 (Angular is a development platform for building mobile and deskto
 CVE-2026-50555 (Angular is a development platform for building mobile and desktop web  ...)
 	TODO: check
 CVE-2026-50269 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
-	TODO: check
+	- python-aiohttp 3.14.0-1
+	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m6qw-4cw2-hm4m
+	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/bf88077ebb14f4c29924b8e8904cba20c55c28b8 (v3.14.0)
 CVE-2026-50184 (Angular is a development platform for building mobile and desktop web  ...)
 	TODO: check
 CVE-2026-50178 (The Angular Language Service VS Code Extension provides a rich editing ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb52c2375b30a3186bbf46a545064635594629f1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb52c2375b30a3186bbf46a545064635594629f1
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260622/cf339082/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list