Update llhttp to 9.2.1, fixing CVE-2024-27982. Additionally, llhttp 9.2.0 contained a number of bug fixes. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3.
Comment
New upstream release (125.0) New upstream release (124.0.2)
This update includes httpd version 2.4.59, fixing various security issues and bugs. See https://downloads.apache.org/httpd/CHANGES_2.4.59 for complete details of the changes in this release.
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589
Gergo Koteles discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could by bypassed in combination with xdg-desktop-portal.