[Bug 1432555] Re: Please fix handling of cookies on redirect

Mon Mar 16 12:24:00 UTC 2015

The attachment "debdiff fixing CVE-2015-2296 in trusty" seems to be a
debdiff.  The ubuntu-sponsors team has been subscribed to the bug report
so that they can review and hopefully sponsor the debdiff.  If the
attachment isn't a patch, please remove the "patch" flag from the
attachment, remove the "patch" tag, and if you are member of the
~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-2296

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to requests in Ubuntu.
https://bugs.launchpad.net/bugs/1432555

Title:
  Please fix handling of cookies on redirect

Status in requests package in Ubuntu:
  Confirmed
Status in requests source package in Precise:
  Invalid
Status in requests source package in Trusty:
  Confirmed
Status in requests source package in Utopic:
  Confirmed
Status in requests source package in Vivid:
  Confirmed
Status in requests package in Debian:
  Unknown

Bug description:
  Requests 2.6.0 includes a fix for CVE-2015-2296[0] which is present in
  all versions of python-requests in Ubuntu since trusty. For more
  information, see the CVE requests at [1].

  I believe that the fix happens in the commit in [2].

  [0] http://docs.python-requests.org/en/latest/community/updates/#id1
  [1] http://www.openwall.com/lists/oss-security/2015/03/14/4
  [2] https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/requests/+bug/1432555/+subscriptions