oss-sec mailing list archives

python-requests: CVE-2014-1829, CVE-2014-1830: password disclosure on redirect


From: Jakub Wilk <jwilk () debian org>
Date: Fri, 19 Sep 2014 22:10:01 +0200

FYI: a while ago python-requests 2.3.0 was released, with the following bugfix:

* No longer expose Authorization or Proxy-Authorization headers on redirect. Fix CVE-2014-1829 and CVE-2014-1830 respectively.


References:
https://bugs.debian.org/733108
https://github.com/kennethreitz/requests/issues/1885
https://bugzilla.redhat.com/show_bug.cgi?id=1046626

--
Jakub Wilk
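
The following is an added example, not part of the original message and not the python-requests code. It sketches the redirect rule the changelog entry describes, under the assumption that credential headers are kept only when a redirect stays on the same scheme, host and port; the function names and sample URLs are hypothetical.

```python
from urllib.parse import urlsplit

# Headers the advisory names as exposed on redirect.
SENSITIVE = {"authorization", "proxy-authorization"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def headers_for_redirect(current_url, next_url, headers):
    """Headers to send to next_url after a redirect from current_url.

    Assumed policy: credentials survive only a same-origin redirect.
    """
    if origin(current_url) == origin(next_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE}


def walk_chain(urls, headers):
    """Return the headers sent at each hop of a redirect chain.

    Once credentials are dropped they are not re-added on later hops.
    """
    sent = [dict(headers)]
    for current_url, next_url in zip(urls, urls[1:]):
        sent.append(headers_for_redirect(current_url, next_url, sent[-1]))
    return sent


if __name__ == "__main__":
    # Constructed sample: the hosts and the credential are placeholders.
    chain = [
        "https://api.example.test/v1/report",
        "https://api.example.test:443/v1/report/",  # same origin
        "http://cdn.example.net/report",            # different origin
        "https://api.example.test/v1/done",         # back to the first host
    ]
    request_headers = {"Authorization": "Basic Y29uc3RydWN0ZWQ=", "Accept": "*/*"}
    for url, hdrs in zip(chain, walk_chain(chain, request_headers)):
        print(url, sorted(hdrs))
```

Comparing the header names case-insensitively matters because HTTP header names are case-insensitive, so a check for the exact string `Authorization` would miss `authorization`.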

