Date: Fri, 19 Sep 2014 22:10:01 +0200 From: Jakub Wilk <jwilk@...ian.org> To: oss-security@...ts.openwall.com Subject: python-requests: CVE-2014-1829, CVE-2014-1830: password disclosure on redirect FYI: a while ago python-requests 2.3.0 was released, with the following bugfix: * No longer expose Authorization or Proxy-Authorization headers on redirect. Fix CVE-2014-1829 and CVE-2014-1830 respectively. References: https://bugs.debian.org/733108 https://github.com/kennethreitz/requests/issues/1885 https://bugzilla.redhat.com/show_bug.cgi?id=1046626 -- Jakub Wilk
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ