Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 19 Sep 2014 22:10:01 +0200
From: Jakub Wilk <>
Subject: python-requests: CVE-2014-1829, CVE-2014-1830: password disclosure
 on redirect

FYI: a while ago python-requests 2.3.0 was released, with the following 

* No longer expose Authorization or Proxy-Authorization headers on 
redirect. Fix CVE-2014-1829 and CVE-2014-1830 respectively.


Jakub Wilk

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ