[Bug 1432555] Re: Please fix handling of cookies on redirect

Marc Deslauriers marc.deslauriers at canonical.com
Mon Mar 16 11:25:56 UTC 2015 

** Package changed: python-requests (Ubuntu) => requests (Ubuntu)

** Also affects: requests (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780506
   Importance: Unknown
       Status: Unknown

** Also affects: requests (Ubuntu Vivid)
   Importance: Undecided
       Status: New

** Also affects: requests (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: requests (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: requests (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Changed in: requests (Ubuntu Precise)
       Status: New => Confirmed

** Changed in: requests (Ubuntu Trusty)
       Status: New => Confirmed

** Changed in: requests (Ubuntu Utopic)
       Status: New => Confirmed

** Changed in: requests (Ubuntu Vivid)
       Status: New => Confirmed

** Changed in: requests (Ubuntu Precise)
       Status: Confirmed => Invalid

** Changed in: requests (Ubuntu Trusty)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: requests (Ubuntu Utopic)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: requests (Ubuntu Vivid)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to requests in Ubuntu.
https://bugs.launchpad.net/bugs/1432555

Title:
  Please fix handling of cookies on redirect

Status in requests package in Ubuntu:
  Confirmed
Status in requests source package in Precise:
  Invalid
Status in requests source package in Trusty:
  Confirmed
Status in requests source package in Utopic:
  Confirmed
Status in requests source package in Vivid:
  Confirmed
Status in requests package in Debian:
  Unknown

Bug description:
  Requests 2.6.0 includes a fix for CVE-2015-2296[0] which is present in
  all versions of python-requests in Ubuntu since trusty. For more
  information, see the CVE requests at [1].

  I believe that the fix happens in the commit in [2].

  
  [0] http://docs.python-requests.org/en/latest/community/updates/#id1
  [1] http://www.openwall.com/lists/oss-security/2015/03/14/4
  [2] https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/requests/+bug/1432555/+subscriptions

More information about the foundations-bugs mailing list