Date: Fri, 19 Sep 2014 22:10:01 +0200
From: Jakub Wilk <jwilk@...ian.org>
To: oss-security@...ts.openwall.com
Subject: python-requests: CVE-2014-1829, CVE-2014-1830: password disclosure
 on redirect

FYI: a while ago python-requests 2.3.0 was released, with the following 
bugfix:

* No longer expose Authorization or Proxy-Authorization headers on 
redirect. Fix CVE-2014-1829 and CVE-2014-1830 respectively.


References:
https://bugs.debian.org/733108
https://github.com/kennethreitz/requests/issues/1885
https://bugzilla.redhat.com/show_bug.cgi?id=1046626

-- 
Jakub Wilk
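
The leak described in the changelog entry above, as an added example that is not part of the original post and is not python-requests code: a simulated redirect chain followed once with every header forwarded and once with credential headers dropped. The redirect map, host names and header values are constructed, and the rule used here (drop both headers when the redirect target's hostname differs from the previous hop's) is this example's assumption, not a statement of the library's exact logic.

```python
from urllib.parse import urljoin, urlsplit

CREDENTIAL_HEADERS = ("authorization", "proxy-authorization")

# Constructed redirect map standing in for server responses: URL -> Location.
REDIRECTS = {
    "http://api.example.test/v1/data": "/v1/data/",                      # same host
    "http://api.example.test/v1/data/": "http://cdn.example.net/blob",   # new host
}

# Constructed request headers; the credential values are placeholders.
SAMPLE_HEADERS = {
    "Authorization": "Basic CONSTRUCTED-PLACEHOLDER",
    "Proxy-Authorization": "Basic CONSTRUCTED-PLACEHOLDER",
    "Accept": "*/*",
}

def headers_for_redirect(headers, prev_url, next_url):
    """Headers to send to next_url; credentials are dropped if the host changed."""
    if urlsplit(prev_url).hostname == urlsplit(next_url).hostname:
        return dict(headers)
    return {k: v for k, v in headers.items()
            if k.lower() not in CREDENTIAL_HEADERS}

def follow(url, headers, strip=True, max_hops=5):
    """Walk REDIRECTS from url and return [(url, headers_sent)] for every hop."""
    hops = [(url, dict(headers))]
    for _ in range(max_hops):
        location = REDIRECTS.get(url)
        if location is None:
            break
        next_url = urljoin(url, location)   # Location may be relative
        if strip:
            headers = headers_for_redirect(headers, url, next_url)
        url = next_url
        hops.append((url, dict(headers)))
    return hops

def leaked_to(hops, first_host):
    """Hosts other than first_host that received a credential header."""
    return sorted({urlsplit(u).hostname for u, sent in hops
                   if urlsplit(u).hostname != first_host
                   and any(k.lower() in CREDENTIAL_HEADERS for k in sent)})

if __name__ == "__main__":
    start = "http://api.example.test/v1/data"
    for strip in (False, True):
        hops = follow(start, SAMPLE_HEADERS, strip=strip)
        print("strip=%s leaked to: %s" % (strip, leaked_to(hops, "api.example.test")))
```
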
