You are here
Home > Preporuke > Sigurnosni nedostatak python modula urllib3 i requests

Sigurnosni nedostatak python modula urllib3 i requests

——————————————————————————–
Fedora Update Notification
FEDORA-2015-4084
2015-03-18 05:57:55
——————————————————————————–

Name : python-requests
Product : Fedora 21
Version : 2.5.3
Release : 2.fc21
URL : http://pypi.python.org/pypi/requests
Summary : HTTP library, written in Python, for human beings
Description :
Most existing Python modules for sending HTTP requests are extremely verbose and
cumbersome. Python’s built-in urllib2 module provides most of the HTTP
capabilities you should need, but the API is thoroughly broken. This library is
designed to make HTTP requests easy for developers.

——————————————————————————–
Update Information:

Backport of patch to not ascribe cookies to the target domain.

– https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc

– http://www.openwall.com/lists/oss-security/2015/03/14/4
——————————————————————————–
ChangeLog:

* Mon Mar 16 2015 Ralph Bean <rbean@redhat.com> – 2.5.3-2
– Backport fix for CVE-2015-2296.
* Thu Feb 26 2015 Ralph Bean <rbean@redhat.com> – 2.5.3-1
– new version
* Wed Feb 18 2015 Ralph Bean <rbean@redhat.com> – 2.5.1-1
– new version
* Tue Dec 16 2014 Ralph Bean <rbean@redhat.com> – 2.5.0-3
– Pin python-urllib3 requirement at 1.10.
– Fix requirement pinning syntax.
* Thu Dec 11 2014 Ralph Bean <rbean@redhat.com> – 2.5.0-2
– Do the most basic of tests in the check section.
* Thu Dec 11 2014 Ralph Bean <rbean@redhat.com> – 2.5.0-1
– Latest upstream, 2.5.0 for #1171068
* Wed Nov 5 2014 Ralph Bean <rbean@redhat.com> – 2.4.3-1
– Latest upstream, 2.4.3 for #1136283
* Wed Nov 5 2014 Ralph Bean <rbean@redhat.com> – 2.3.0-4
– Re-do unbundling by symlinking system libs into the requests/packages/ dir.
——————————————————————————–
References:

[ 1 ] Bug #1202904 – CVE-2015-2296 python-requests: session fixation and cookie stealing vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1202904
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update python-requests’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-4084
2015-03-18 05:57:55
——————————————————————————–

Name : python-urllib3
Product : Fedora 21
Version : 1.10.2
Release : 1.fc21
URL : http://urllib3.readthedocs.org/
Summary : Python HTTP library with thread-safe connection pooling and file post
Description :
Python HTTP module with connection pooling and file POST abilities.

——————————————————————————–
Update Information:

Backport of patch to not ascribe cookies to the target domain.

– https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc

– http://www.openwall.com/lists/oss-security/2015/03/14/4
——————————————————————————–
ChangeLog:

* Thu Feb 26 2015 Ralph Bean <rbean@redhat.com> – 1.10.2-1
– new version
* Wed Feb 18 2015 Ralph Bean <rbean@redhat.com> – 1.10.1-1
– new version
* Wed Feb 18 2015 Ralph Bean <rbean@redhat.com> – 1.10.1-1
– new version
* Mon Jan 5 2015 Ralph Bean <rbean@redhat.com> – 1.10-2
– Copy in a shim for ssl_match_hostname on python3.
* Sun Dec 14 2014 Ralph Bean <rbean@redhat.com> – 1.10-1
– Latest upstream 1.10, for python-requests-2.5.0.
– Re-do unbundling without patch, with symlinks.
– Modernize python2 macros.
– Remove the with_dummyserver tests which fail only sometimes.
* Wed Nov 5 2014 Ralph Bean <rbean@redhat.com> – 1.9.1-1
– Latest upstream, 1.9.1 for latest python-requests.
——————————————————————————–
References:

[ 1 ] Bug #1202904 – CVE-2015-2296 python-requests: session fixation and cookie stealing vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1202904
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update python-urllib3’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa xerces-c

Otkriven je sigurnosni nedostatak u programskom paketu xerces-c za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje uskraćivanje usluge. Svim...

Close