Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 19 Sep 2014 22:10:01 +0200
From: Jakub Wilk <>
Subject: python-requests: CVE-2014-1829, CVE-2014-1830: password disclosure
 on redirect

FYI: a while ago python-requests 2.3.0 was released, with the following 

* No longer expose Authorization or Proxy-Authorization headers on 
redirect. Fix CVE-2014-1829 and CVE-2014-1830 respectively.


Jakub Wilk

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.