Package: gunicorn
Version: 0.14.5-3+deb7u1
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security

Hi,

The following vulnerability was published for gunicorn.

CVE-2018-1000164[0]:
| gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of
| CRLF Sequences in HTTP Headers vulnerability in "process_headers"
| function in "gunicorn/http/wsgi.py" that can result in an attacker
| causing the server to return arbitrary HTTP headers. This
| vulnerability appears to have been fixed in 19.5.0.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000164
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000164

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] / chris-lamb.co.uk
       `-
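An added example, not part of the original report and not gunicorn's code or its actual fix: a minimal sketch of the CWE-113 class described above, showing an unchecked response-header serializer next to one that rejects CR, LF and NUL. All function names and the sample headers are hypothetical and constructed for illustration.

```python
import re

# Assumption: header names follow the RFC 7230 "token" grammar;
# header values must not contain CR, LF or NUL.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_BAD_VALUE = re.compile(r"[\r\n\0]")


class InvalidHeader(ValueError):
    """Raised when an application-supplied header cannot be sent safely."""


def serialize_naive(headers):
    """Unsafe pattern: names and values go onto the wire unchecked."""
    return "".join("%s: %s\r\n" % (n, v) for n, v in headers)


def serialize_checked(headers):
    """Refuse any header whose name or value could end the line early."""
    out = []
    for name, value in headers:
        # fullmatch, not match with '$': '$' would accept a trailing newline.
        if not isinstance(name, str) or not _TOKEN.fullmatch(name):
            raise InvalidHeader("invalid header name: %r" % (name,))
        if not isinstance(value, str) or _BAD_VALUE.search(value):
            raise InvalidHeader("invalid value for header %s" % name)
        out.append("%s: %s\r\n" % (name, value.strip(" \t")))
    return "".join(out)


def count_header_lines(wire):
    """Number of header lines a client would parse from the output."""
    return len([line for line in wire.split("\r\n") if line])


# Constructed sample input: one header value carrying an embedded CRLF.
TAINTED = [("Location", "/next\r\nX-Injected: yes")]
CLEAN = [("Content-Type", "text/plain"), ("Location", "/next")]

if __name__ == "__main__":
    print(count_header_lines(serialize_naive(TAINTED)))  # one header in, two out
    print(serialize_checked(CLEAN), end="")
    try:
        serialize_checked(TAINTED)
    except InvalidHeader as exc:
        print("rejected:", exc)
```

Rejecting the header outright, rather than stripping the offending bytes, keeps the failure visible to the application that produced the tainted value.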

