diff mbox series

[meta-python,1/4] python3-werkzeug: upgrade 3.1.4 -> 3.1.5

Message ID 20260119175505.777598-1-skandigraun@gmail.com
State Under Review
Headers show
Series [meta-python,1/4] python3-werkzeug: upgrade 3.1.4 -> 3.1.5 | expand

Commit Message

Gyorgy Sarvari Jan. 19, 2026, 5:55 p.m. UTC 
Contains fix for CVE-2026-21860

Changelog:
- safe_join on Windows does not allow more special device names,
  regardless of extension or surrounding spaces.
- The multipart form parser handles a \r\n sequence at a chunk boundary.
  This fixes the previous attempt, which caused incorrect content lengths.
- Fix AttributeError when initializing DebuggedApplication with pin_security=False.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../{python3-werkzeug_3.1.4.bb => python3-werkzeug_3.1.5.bb}    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-werkzeug_3.1.4.bb => python3-werkzeug_3.1.5.bb} (90%)
diff mbox series

Patch

diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb
similarity index 90%
rename from meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb
rename to meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb
index 0886dbfef1..1df88b78d0 100644
--- a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb
+++ b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb
@@ -10,7 +10,7 @@  HOMEPAGE = "https://werkzeug.palletsprojects.com"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462"
 
-SRC_URI[sha256sum] = "cd3cd98b1b92dc3b7b3995038826c68097dcb16f9baa63abe35f20eafeb9fe5e"
+SRC_URI[sha256sum] = "6a548b0e88955dd07ccb25539d7d0cc97417ee9e179677d22c7041c8f078ce67"
 
 CVE_PRODUCT = "werkzeug"