From: Julien Olivain via buildroot <buildroot@buildroot.org>
To: Titouan Christophe <titouan.christophe@mind.be>
Cc: buildroot@buildroot.org,
James Hilliard <james.hilliard1@gmail.com>,
Marcus Hoffmann <buildroot@bubu1.eu>
Subject: Re: [Buildroot] [PATCH] package/python-starlette: security bump to v0.47.2
Date: Tue, 22 Jul 2025 19:13:41 +0200 [thread overview]
Message-ID: <89ea7ca109bb518019aa74799dacfef2@free.fr> (raw)
In-Reply-To: <20250722111000.88565-1-titouan.christophe@mind.be>
On 22/07/2025 13:10, Titouan Christophe via buildroot wrote:
> This fixes the following vulnerability:
>
> - CVE-2025-54121:
> Starlette is a lightweight ASGI (Asynchronous Server Gateway
> Interface) framework/toolkit, designed for building async web
> services
> in Python. In versions 0.47.1 and below, when parsing a multi-part
> form with large files (greater than the default max spool size)
> starlette will block the main thread to roll the file over to disk.
> This blocks the event thread which means the application can't
> accept
> new connections. The UploadFile code has a minor bug where instead
> of
> just checking for self._in_memory, the logic should also check if
> the
> additional bytes will cause a rollover. The vulnerability is fixed
> in
> version 0.47.2.
> https://www.cve.org/CVERecord?id=CVE-2025-54121
>
> Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Applied to master, thanks.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2025-07-22 17:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-22 11:10 [Buildroot] [PATCH] package/python-starlette: security bump to v0.47.2 Titouan Christophe via buildroot
2025-07-22 12:31 ` Marcus Hoffmann via buildroot
2025-07-22 17:13 ` Julien Olivain via buildroot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=89ea7ca109bb518019aa74799dacfef2@free.fr \
--to=buildroot@buildroot.org \
--cc=buildroot@bubu1.eu \
--cc=james.hilliard1@gmail.com \
--cc=ju.o@free.fr \
--cc=titouan.christophe@mind.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.