[ubuntu-cloud-archive/cloud-tools-proposed] requests (Accepted)

Scott Moser smoser at ubuntu.com
Thu Dec 17 17:28:53 UTC 2015


 requests (2.2.1-1ubuntu0.3~ctools0) precise; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 requests (2.2.1-1ubuntu0.3) trusty-proposed; urgency=medium
 .
   * SRU, update python3.4 for trusty. LP: #1433324.
   * Build a -whl package (setuptools is needed to build the wheel package).
 .
 requests (2.2.1-1ubuntu0.2) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: Session fixation and cookie stealing issue
     (LP: #1432555).
     - debian/patches/CVE-2015-2296.patch: extract cookies from the original
       request (which still has the host which returned the cookies)
     - CVE-2015-2296
 .
 requests (2.2.1-1ubuntu0.1) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: Authorization header disclosure on redirect
     - debian/patches/CVE-2014-1829.patch: if redirected, strip
       authentication header in requests/sessions.py, add
       should_bypass_proxies() to requests/utils.py.
     - CVE-2014-1829
   * SECURITY UPDATE: Proxy-Authorization header disclosure on redirect
     - debian/patches/CVE-2014-1830.patch: also strip proxy headers in
       requests/sessions.py, added test to test_requests.py.
     - CVE-2014-1830

Date: Mon, 14 Dec 2015 14:25:15 -0500
Changed-By: Scott Moser <smoser at ubuntu.com>
Signed-By: Scott Moser <smoser at ubuntu.com> 
Published-By: Scott Moser <smoser at ubuntu.com>


More information about the Cloud-tools-changes mailing list