OPENSUSE-SU-2020:1922-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 14 Nov 2020, 17:27
Last modified:04 Feb 2026, 03:28
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 Nov 2020, 17:27
Published
Vulnerability first disclosed
04 Feb 2026, 03:28
Last Modified
Vulnerability information updated
Description
Security update for python-waitress This update for python-waitress to 1.4.3 fixes the following security issues: - CVE-2019-16785: HTTP request smuggling through LF vs CRLF handling (bsc#1161088). - CVE-2019-16786: HTTP request smuggling through invalid Transfer-Encoding (bsc#1161089). - CVE-2019-16789: HTTP request smuggling through invalid whitespace characters (bsc#1160790). - CVE-2019-16792: HTTP request smuggling by sending the Content-Length header twice (bsc#1161670). This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•python-waitress&distro=openSUSE Leap 15.1
< 1.4.3-lp151.3.3.1
References (9)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QEMGI3N3BFQA6DBGNM4O7UZIWW6BEPWJ/
- https://bugzilla.suse.com/1160790
- https://bugzilla.suse.com/1161088
- https://bugzilla.suse.com/1161089
- https://bugzilla.suse.com/1161670
- https://www.suse.com/security/cve/CVE-2019-16785
- https://www.suse.com/security/cve/CVE-2019-16786
- https://www.suse.com/security/cve/CVE-2019-16789
- https://www.suse.com/security/cve/CVE-2019-16792