==========================================================================
Ubuntu Security Notice USN-2382-1
October 14, 2014

requests vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS

Summary:

Requests could be made to expose authentication credentials over the
network.

Software Description:
– requests: elegant and simple HTTP library for Python

Details:

Jakub Wilk discovered that Requests incorrectly reused authentication
credentials after being redirected. An attacker could possibly use this
issue to obtain authentication credentials intended for another site.
(CVE-2014-1829, CVE-2014-1830)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
python-requests 2.2.1-1ubuntu0.1
python3-requests 2.2.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2382-1
CVE-2014-1829, CVE-2014-1830

Package Information:
https://launchpad.net/ubuntu/+source/requests/2.2.1-1ubuntu0.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUPTaCAAoJEGVp2FWnRL6TxeIQAJ09UKjO/54z8y8JmGsT6iib
3n37IUzqKdkTikEfDgLQBRN9G1Njf88ep4eRO+F7V2q3COgpU5ZNUXT/P6E/Ep1W
XobInM1GgTuMIZBmoxMKM9sWbcTE/ZkkIDlb3kgfL2DNQM2LKsli4QOq3b/hsNJX
4N98Y4l4IlghEUXU2JQsGZXiVOYvVjqRPSHCTj0DNnV9cCTZ6064oWISWuqAGwyY
001m1AatIMSqqN8vOOEfiztTtyzH/4HGlE+0hZVOPD7VM7QQ4U516F0jDZ6ErkCP
FjhCHKqegSTkyfex/fDksOhuP9ZBQyyWE6b15OTgbe16ic694yr5xkNxEA0mIRbn
3A/bjImHEUDYiIihURpov5inddIghvAi8dfUPayK9tZvAPsJLzbQO1jTKQ8m04ut
I0EYFPrNv6a9Dhu+JD4phO3Zco+S78aopLQBaYUuFbYbEmXlcWmnn9pJW8hshy7J
85hXIokU7bV5B9Nl+Ob5IxaEuAwcPCt4RhuGztMIhq3ZAZB898zcxam762WdPGwa
l6kEXDe6hAAr6nhdJB5+NXTp+UTCE8VCvT8wRWFfrneIDpGnsCpUYgSkSZcPXSqA
m2d5Sz47w5Gq5ilJTSa4nK3xxPURNg40Tv9tutfJqqnzIcK5ZfM0p1QLqc3fen6V
7q0EHiDForYoK8UTr8r7
=fSRX
—–END PGP SIGNATURE—–
—