SecurityHome.eu [SECURITY] [DSA 6161-1] multipart security update

Home / mailings PDF

[SECURITY] [DSA 6161-1] multipart security update
Posted on 12 March 2026
Debian Security Advisory
- -------------------------------------------------------------------------
Debian Security Advisory DSA-6161-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 12, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : multipart
CVE ID : CVE-2026-28356

It was discovered that the parse_options_header() function of multipart,
a Python multipart/form-data parser was susceptible to denial of service
via malformed request headers or multipart/form-data streams.

For the stable distribution (trixie), this problem has been fixed in
version 1.2.1-2+deb13u1.

We recommend that you upgrade your multipart packages.

For the detailed security status of multipart please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/multipart

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

TOP

Mailings :

Last 20

Exploits :

Last 20