OPENSUSE-SU-2020:1911-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 14 Nov 2020, 05:25
Last modified:04 Feb 2026, 03:23
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 Nov 2020, 05:25
Published
Vulnerability first disclosed
04 Feb 2026, 03:23
Last Modified
Vulnerability information updated
Description
Security update for python-waitress This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). - CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670). This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•python-waitress&distro=openSUSE Leap 15.2
< 1.4.3-lp152.4.3.1
References (9)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UJJZZBFM5QXR7M5AN4LQ7NPOLQIU3QCU/
- https://bugzilla.suse.com/1160790
- https://bugzilla.suse.com/1161088
- https://bugzilla.suse.com/1161089
- https://bugzilla.suse.com/1161670
- https://www.suse.com/security/cve/CVE-2019-16785
- https://www.suse.com/security/cve/CVE-2019-16786
- https://www.suse.com/security/cve/CVE-2019-16789
- https://www.suse.com/security/cve/CVE-2019-16792