CVE-2017-14158

Priority
Description
Scrapy 1.4 allows remote attackers to cause a denial of service (memory
consumption) via large files because arbitrarily many files are read into
memory, which is especially problematic if the files are then individually
written in a separate thread to a slow storage resource, as demonstrated by
interaction between dataReceived (in core/downloader/handlers/http11.py)
and S3FilesStore.
Notes
msalvatoreno upstream fix as of 2019-03-06
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was deferred [2019-06-06])
Ubuntu 16.04 LTS (Xenial Xerus):deferred (2019-06-06)
Ubuntu 18.04 LTS (Bionic Beaver):deferred (2019-06-06)
Ubuntu 19.04 (Disco Dingo):deferred (2019-06-06)
Ubuntu 19.10 (Eoan):deferred (2019-06-06)
More Information

Updated: 2019-10-18 02:31:25 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)