Your message dated Mon, 16 Mar 2015 23:03:50 +0000
with message-id <e1yxe34-0008gb...@franck.debian.org>
and subject line Bug#780506: fixed in requests 2.4.3-6
has caused the Debian Bug report #780506,
regarding requests: CVE-2015-2296: session fixation and cookie stealing issue
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
780506: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780506
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: requests
Version: 2.4.3-4
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for requests.

CVE-2015-2296[0]:
session fixation and cookie stealing

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-2296
[1] https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
[2] http://www.openwall.com/lists/oss-security/2015/03/14/4

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: requests
Source-Version: 2.4.3-6

We believe that the bug you reported is fixed in the latest version of
requests, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniele Tricoli <er...@mornie.org> (supplier of updated requests package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 16 Mar 2015 01:31:10 +0100
Source: requests
Binary: python-requests python3-requests python-requests-whl
Architecture: source all
Version: 2.4.3-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-t...@lists.alioth.debian.org>
Changed-By: Daniele Tricoli <er...@mornie.org>
Description:
 python-requests - elegant and simple HTTP library for Python2, built for human bein
 python-requests-whl - elegant and simple HTTP library for Python, built for human being
 python3-requests - elegant and simple HTTP library for Python3, built for human bein
Closes: 780506
Changes:
 requests (2.4.3-6) unstable; urgency=medium
 .
   * debian/patches/05_do-not-ascribe-cookies-to-the-target-domain.patch
     - Fix session fixation and cookie stealing: CVE-2015-2296.
       (Closes: #780506)


--- End Message ---
