Your message dated Sat, 28 May 2022 18:32:31 +0000
with message-id <[email protected]>
and subject line Bug#1008234: fixed in python-scrapy 2.4.1-2+deb11u1
has caused the Debian Bug report #1008234,
regarding python-scrapy: CVE-2022-0577: Incorrect Authorization and Exposure of
Sensitive Information to an Unauthorized Actor
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1008234: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008234
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-scrapy
Version: 1.5.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.4.1-2
Control: found -1 2.5.1-2
Hi,
The following vulnerability was published for python-scrapy.
CVE-2022-0577[0]:
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub
| repository scrapy/scrapy prior to 2.6.1.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-0577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0577
[1] https://github.com/advisories/GHSA-cjvr-mfj7-j4j8
[2] https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585
[3] https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: python-scrapy
Source-Version: 2.4.1-2+deb11u1
Done: Stefano Rivera <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-scrapy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefano Rivera <[email protected]> (supplier of updated python-scrapy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 20 May 2022 16:11:00 -0400
Source: python-scrapy
Architecture: source
Version: 2.4.1-2+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Stefano Rivera <[email protected]>
Closes: 1008234
Changes:
 python-scrapy (2.4.1-2+deb11u1) bullseye; urgency=medium
 .
   * Team upload.
   * Security fix for CVE-2021-41125: Don't send authentication data with all
     requests. Provide a http_auth_domain spider attribute to control which
     domains are allowed to receive the configured HTTP authentication
     credentials.
   * Security Fix CVE-2022-0577: Don't expose cookies cross-domain when
     redirected. (Closes: #1008234)
-----BEGIN PGP SIGNATURE-----
iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCYof2ERQcc3RlZmFub3JA
ZGViaWFuLm9yZwAKCRBHew2wJjpU2FkqAP0TGJay7ksBCuUSnOe8pFD/yv8zxX16
D5RAFrq+BIN3wAD8CPjCN3MJl1nfrSI8mofoCOOl4JFOHFpA8KyZ+KPXdAw=
=wInu
-----END PGP SIGNATURE-----
--- End Message ---
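The two behaviours named in the changelog above (credentials limited to one domain, and no cookies carried across a cross-domain redirect), as an added standard-library illustration. This is not code from Scrapy or from the Debian patch; the function names, the host/subdomain matching rule and the sample hosts are assumptions made for the example.

```python
from urllib.parse import urljoin, urlsplit


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def host_in_domain(url, domain):
    """True when the URL's host is `domain` itself or a subdomain of it."""
    host, domain = _host(url), domain.lower()
    return host == domain or host.endswith("." + domain)


def auth_header_for(url, auth_value, http_auth_domain):
    """Authorization value to send to `url`, or None outside the allowed domain."""
    return auth_value if host_in_domain(url, http_auth_domain) else None


def headers_after_redirect(source_url, headers, location):
    """Return (target_url, headers) for the follow-up request of a redirect.

    The Cookie header is carried over only when the host does not change.
    """
    target = urljoin(source_url, location)  # Location may be relative
    kept = dict(headers)
    if _host(source_url) != _host(target):
        for name in [n for n in kept if n.lower() == "cookie"]:
            del kept[name]
    return target, kept


if __name__ == "__main__":
    # Constructed sample data; all hosts are placeholders.
    hdrs = {"Cookie": "session=abc123", "User-Agent": "demo"}
    print(headers_after_redirect("https://shop.example.com/login", hdrs, "/account"))
    print(headers_after_redirect("https://shop.example.com/login", hdrs,
                                 "https://cdn.example.net/landing"))
    for u in ("https://api.example.com/v1", "https://notexample.com/"):
        print(u, auth_header_for(u, "Basic ZGVtbzpkZW1v", "example.com"))
```

The same assertions make a quick regression check against a patched install: a request redirected to a different host should arrive without the original Cookie header.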