Summary: | <dev-python/requests-2.6.0: multiple vulnerabilities (CVE-2015-2296) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2015/03/14/4 | ||
Whiteboard: | B3 [noglsa/cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-03-16 08:11:10 UTC
*requests-2.6.0 (26 Mar 2015) 26 Mar 2015; Patrick Lauer <patrick@gentoo.org> +requests-2.6.0.ebuild: Bump @arches please stabilize dev-python/requests-2.6.0 Stable for HPPA. Arches, please test and mark stable: =dev-python/requests-2.6.0 Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 spark x86" Thank you! CVE-2015-2296 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2296): The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. amd64 stable x86 stable ppc64 stable ppc stable alpha stable ia64 stable sparc stable arm stable, all arches done. + 21 May 2015; Justin Lecher <jlec@gentoo.org> + -files/requests-1.2.0-system-cacerts.patch, + -files/requests-1.2.0-system-libs.patch, + -files/requests-1.2.1-urllib3-py3.patch, -requests-2.3.0.ebuild: + Drop vulnerable version, bug #543480 + Cleaned. Arches and Maintainer(s), Thank you for your work. Security Please Vote First GLSA Vote: Yes I vote NO, tiebreaker required. Vote: NO, closing. |