From ecf359d2562795ca8de18f12f117cd654c30965e Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Mon, 19 Jan 2026 18:55:02 +0100 Subject: [PATCH] python3-werkzeug: upgrade 3.1.4 -> 3.1.5 Contains fix for CVE-2026-21860 Changelog: - safe_join on Windows does not allow more special device names, regardless of extension or surrounding spaces. - The multipart form parser handles a \r\n sequence at a chunk boundary. This fixes the previous attempt, which caused incorrect content lengths. - Fix AttributeError when initializing DebuggedApplication with pin_security=False. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- .../{python3-werkzeug_3.1.4.bb => python3-werkzeug_3.1.5.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-werkzeug_3.1.4.bb => python3-werkzeug_3.1.5.bb} (90%) diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb similarity index 90% rename from meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb rename to meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb index 0886dbfef1..1df88b78d0 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb +++ b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.5.bb @@ -10,7 +10,7 @@ HOMEPAGE = "https://werkzeug.palletsprojects.com" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462" -SRC_URI[sha256sum] = "cd3cd98b1b92dc3b7b3995038826c68097dcb16f9baa63abe35f20eafeb9fe5e" +SRC_URI[sha256sum] = "6a548b0e88955dd07ccb25539d7d0cc97417ee9e179677d22c7041c8f078ce67" CVE_PRODUCT = "werkzeug"