[ubuntu-cloud-archive/cloud-tools-proposed] requests (Accepted)
Scott Moser
smoser at ubuntu.com
Thu Dec 17 17:28:53 UTC 2015
requests (2.2.1-1ubuntu0.3~ctools0) precise; urgency=medium
.
* New update for the Ubuntu Cloud Archive.
.
requests (2.2.1-1ubuntu0.3) trusty-proposed; urgency=medium
.
* SRU, update python3.4 for trusty. LP: #1433324.
* Build a -whl package (setuptools is needed to build the wheel package).
.
requests (2.2.1-1ubuntu0.2) trusty-security; urgency=medium
.
* SECURITY UPDATE: Session fixation and cookie stealing issue
(LP: #1432555).
- debian/patches/CVE-2015-2296.patch: extract cookies from the original
request (which still has the host which returned the cookies)
- CVE-2015-2296
.
requests (2.2.1-1ubuntu0.1) trusty-security; urgency=medium
.
* SECURITY UPDATE: Authorization header disclosure on redirect
- debian/patches/CVE-2014-1829.patch: if redirected, strip
authentication header in requests/sessions.py, add
should_bypass_proxies() to requests/utils.py.
- CVE-2014-1829
* SECURITY UPDATE: Proxy-Authorization header disclosure on redirect
- debian/patches/CVE-2014-1830.patch: also strip proxy headers in
requests/sessions.py, added test to test_requests.py.
- CVE-2014-1830
Date: Mon, 14 Dec 2015 14:25:15 -0500
Changed-By: Scott Moser <smoser at ubuntu.com>
Signed-By: Scott Moser <smoser at ubuntu.com>
Published-By: Scott Moser <smoser at ubuntu.com>
More information about the Cloud-tools-changes
mailing list