Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
52e1df11 by Salvatore Bonaccorso at 2026-06-30T22:38:00+02:00
Weaken assessment for CVE-2026-54278

There was a major refactoring but it is not excluded that the zip bomb
edge case is not present before. Err on the safe side and waken the
claim, but ignore the issue for trixie as backporting the major
refactoring would be too intrusive.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6512,12 +6512,12 @@ CVE-2026-54279 (AIOHTTP is an asynchronous HTTP 
client/server framework for asyn
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/a329a7aacad5284f087af36103aff778746da0f2
 (v3.14.1)
 CVE-2026-54278 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp 3.14.1-1
-       [trixie] - python-aiohttp <not-affected> (Vulnerable code not present)
+       [trixie] - python-aiohttp <ignored> (Intrusive to backport)
        [bookworm] - python-aiohttp <not-affected> (Vulnerable code not present)
        [bullseye] - python-aiohttp <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g3cq-j2xw-wf74
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/4f7480e474cccc6a8cc2c92ad3f17a31dedf8232
 (v3.14.1)
-       NOTE: Introduced by: 
https://github.com/aio-libs/aiohttp/commit/b502ae655c8788b469dcc832923a85d661719699
 (v3.14.0)
+       NOTE: Major rewrite in: 
https://github.com/aio-libs/aiohttp/commit/b502ae655c8788b469dcc832923a85d661719699
 (v3.14.0)
 CVE-2026-54277 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp 3.14.1-1
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-63hw-fmq6-xxg2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52e1df11b5287e35ad35b88c44131cd3dbb05cbe

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52e1df11b5287e35ad35b88c44131cd3dbb05cbe
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to