waitress (0.8.9-2+deb8u1) jessie-security; urgency=high

  * CVE-2019-16789: Prevent a potential HTTP request smuggling vulnerability.
    If a proxy server is used in front of waitress, an invalid request may be
    sent by an attacker that bypasses the front-end and is parsed differently
    by waitress leading to a potential for request smuggling. Specially crafted
    requests containing special whitespace characters in the Transfer-Encoding
    header would get parsed by Waitress as being a chunked request, but a
    front-end server would use the Content-Length instead as the
    Transfer-Encoding header is considered invalid due to containing invalid
    characters. If a front-end server does HTTP pipelining to a backend
    Waitress server this could lead to HTTP request splitting which may lead to
    potential cache poisoning or information disclosure. (Closes: #947433)

 -- Chris Lamb <lamby@debian.org>  Sat, 28 Dec 2019 17:33:13 +0000

waitress (0.8.9-2) unstable; urgency=medium

  * Fix FTBFS (Closes: #765126).

 -- Andrew Shadura <andrewsh@debian.org>  Mon, 13 Oct 2014 21:56:21 +0200

waitress (0.8.9-1) unstable; urgency=medium

  * New upstream release.

 -- Andrew Shadura <andrewsh@debian.org>  Wed, 08 Oct 2014 15:58:50 +0200

waitress (0.8.8-3) unstable; urgency=low

  * Build against python3.4.
  * Fix shebangs in waitress-serve scripts.

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 24 Apr 2014 08:12:29 +0200

waitress (0.8.8-2) unstable; urgency=low

  * Fix the package description.
  * Bump Standards-Version (no changes).

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 24 Apr 2014 07:45:00 +0200

waitress (0.8.8-1) unstable; urgency=low

  * New upstream release.

 -- Andrew Shadura <andrewsh@debian.org>  Sat, 14 Dec 2013 20:55:11 +0100

waitress (0.8.7-3) unstable; urgency=low

  * Switch to using dh-python instead of versioned depends
    on python3 (Closes: #731532).

 -- Andrew Shadura <andrewsh@debian.org>  Sat, 14 Dec 2013 17:53:03 +0100

waitress (0.8.7-2) unstable; urgency=low

  * Update the watch file.
  * Use alternatives to ensure co-installability of python2 and python3
    versions (Closes: #725260).

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 03 Oct 2013 15:44:25 +0200

waitress (0.8.7-1) unstable; urgency=low

  * New upstream version.

 -- Andrew Shadura <andrewsh@debian.org>  Wed, 02 Oct 2013 20:49:35 +0200

waitress (0.8.1-2) unstable; urgency=low

  * Upload to unstable.
  * Remove erroneous patch.

 -- Andrew Shadura <andrewsh@debian.org>  Sat, 13 Apr 2013 15:25:34 +0200

waitress (0.8.1-1) experimental; urgency=low

  * Initial release.

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 21 Mar 2013 21:02:04 +0100
