Your message dated Sun, 18 Dec 2016 12:34:24 +0000
with message-id <[email protected]>
and subject line Bug#848392: fixed in python-bottle 0.12.11-1
has caused the Debian Bug report #848392,
regarding python-bottle: CVE-2016-9964: redirect() doesn't filter "\r\n" which
allows for CRLF attack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
848392: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848392
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-bottle
Version: 0.12.7-1
Severity: important
Tags: security upstream patch
Forwarded: https://github.com/bottlepy/bottle/issues/913
[apologies if this arrives doubled, will merge the two in case yes]
Hi,
the following vulnerability was published for python-bottle.
CVE-2016-9964[0]:
redirect() doesn't filter "\r\n" which allows for CRLF attack
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9964
[1] https://github.com/bottlepy/bottle/issues/913
[2]
https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-bottle
Source-Version: 0.12.11-1
We believe that the bug you reported is fixed in the latest version of
python-bottle, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Federico Ceratto <[email protected]> (supplier of updated python-bottle
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 18 Dec 2016 11:55:28 +0000
Source: python-bottle
Binary: python-bottle python3-bottle python-bottle-doc
Architecture: source all
Version: 0.12.11-1
Distribution: unstable
Urgency: high
Maintainer: David Paleino <[email protected]>
Changed-By: Federico Ceratto <[email protected]>
Description:
python-bottle - fast and simple WSGI-framework for Python
python-bottle-doc - fast and simple WSGI-framework for Python - documentation
python3-bottle - fast and simple WSGI-framework for Python3
Closes: 848392
Changes:
python-bottle (0.12.11-1) unstable; urgency=high
.
* New upstream release (Closes: #848392)
* Add python-setuptools dependency
Checksums-Sha1:
0956899393fdfe3e9cce979c4096c3bb4e6be5df 2383 python-bottle_0.12.11-1.dsc
bfddf9c0ad99b555ff076ecf1602af0d369d3cd5 289102
python-bottle_0.12.11.orig.tar.gz
f8067321f525d6052a96ea9709461c404a1d916a 5948
python-bottle_0.12.11-1.debian.tar.xz
d394876f4aaeb662c2db4f9a5d623246da34ed6b 189590
python-bottle-doc_0.12.11-1_all.deb
6ce40c89f572d60b9d9aa09f9b1cb066f1a9cff8 46268 python-bottle_0.12.11-1_all.deb
6f9e62e71dabd4775ac601905848ed21cec6aa4d 7719
python-bottle_0.12.11-1_amd64.buildinfo
ed84b74062faaca6b2ed2e4855a048d8ba9a01eb 46332 python3-bottle_0.12.11-1_all.deb
Checksums-Sha256:
3f442167166068d2a1aa149cdc84885d8eeb7fc9170fbdcdb1ec2f5c07642bd5 2383
python-bottle_0.12.11-1.dsc
c815cfd1bd0757f4bc9e3d71973477373efba531bb63a8abc320e5550d8403b8 289102
python-bottle_0.12.11.orig.tar.gz
3c5728dacdecc465e4e4b810688aaf52bceccae59838de18bcf56756509e3a66 5948
python-bottle_0.12.11-1.debian.tar.xz
1c59bd90be5ef16d23aff3ab4f37342353750f5848bc0098d57b946eccab0e4d 189590
python-bottle-doc_0.12.11-1_all.deb
3f8eebe29bc94291586e0f7b6944045c553f42ddf22a6afc910b9906284acd44 46268
python-bottle_0.12.11-1_all.deb
dad40ef898dc44843112378862284c50e91424052dd9149bd62c85cf3f72c861 7719
python-bottle_0.12.11-1_amd64.buildinfo
5e00d349dc17f1cc44ae5f5e5081bb573cdc1b5b64cd9eb889794961370f81e3 46332
python3-bottle_0.12.11-1_all.deb
Files:
16c2e1b4531248adf830298b8ea7fca9 2383 python optional
python-bottle_0.12.11-1.dsc
887b907d4f38fa3ab8c8a044c4b846a6 289102 python optional
python-bottle_0.12.11.orig.tar.gz
c3b1144217878c9977c33176dda13ff8 5948 python optional
python-bottle_0.12.11-1.debian.tar.xz
0741e392572d457328c54311d5a70f19 189590 doc optional
python-bottle-doc_0.12.11-1_all.deb
ceb0d970c63e8cd8d8fa2069b5ec17b3 46268 python optional
python-bottle_0.12.11-1_all.deb
e2b6b35b01db08a94f22f000a42ecd61 7719 python optional
python-bottle_0.12.11-1_amd64.buildinfo
bbe4dc27d35ad299fe67cfb8519ebe03 46332 python optional
python3-bottle_0.12.11-1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfKfd+zM5IUCMbyuWbzG8RPUXfaoFAlhWfSgACgkQbzG8RPUX
faovqg//ZbPIpo553EqVj0HcXlslsMhu+TkgxEGsC3Lhs+f76UggQEfFzTk3HzDO
pExsVyrypTtCRIu7ngPBZiOOGKtn69PGnXg1GfUQvPCSjld8o0k684iZCO2U/YUX
Dkd//o7KDCfXcR7P1gHTWUa/2Lbpc2sQs4+vcftQ5HZKrqtKOnQ4yY3V+OosTy2S
HyKBkWiiOYk2B+pjlfT/2L3fEiN7sujeWsrAOgGsTgRdtj2CK7JlRGiDNpCajHFV
1ZyWp2IJekJxlwkntFYZdHGYJuAjQ/YSTqhg2AAHPuDlvBNbf++q9xva6Pb0KTsf
whA2JiB+5T5+Zso5pNnDLGdfrY4OJhY8gG1suVeAatFuEsMVQbUY3thYV7V94D+s
5+zeutpweBRTmEjUfBUPi18lORc75ZXQuc2CmQSuYPqZFJkHW6Spqv9h7e8H6pNb
oQ/Vb5xIi3vYWmbcv8Cp8EIbitwn1Zd5vy101NcNTqi3bCUntgp/ModDuDZ5vbR2
m7Kgz8+SF8drdeo/bgSM4D4fe/b2+gUFGuoK7T2Jc4fdIhMR4BKSbmjIlirOXe5M
w1P100Pxd9r74ib/ePPMX2IN/j0q7l/VJFQz575UdNuo5iQ982AP+nI5Hc/QURnE
HgJM0ipn2tM4LorjIvpna4SDLskpsN4veke1Z1muI+8urTuM+y8=
=1vOj
-----END PGP SIGNATURE-----
--- End Message ---