CVSROOT: /cvs Module name: ports Changes by: [email protected] 2018/11/02 08:28:38
Modified files:
www/py-requests: Makefile distinfo
Log message:
Update to py-requests-2.20.0
This fixes CVE-2018-18074: "before 2.20.0 sends an HTTP Authorization header to
an http URI upon receiving a same-hostname https-to-http redirect, which makes
it easier for remote attackers to discover credentials by sniffing the
network."
Based on a diff from Edward Lopez-Acosta
