[Secure-testing-commits] r32916 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Mar 16 15:30:28 UTC 2015
Author: carnil
Date: 2015-03-16 15:30:28 +0000 (Mon, 16 Mar 2015)
New Revision: 32916
Modified:
data/CVE/list
Log:
Add fixed version for requests, acked by the release team (Message-ID: <550684C4.6020403 at thykier.net>)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-16 13:27:17 UTC (rev 32915)
+++ data/CVE/list 2015-03-16 15:30:28 UTC (rev 32916)
@@ -47,7 +47,7 @@
- etherpad-lite <itp> (bug #576998)
NOTE: https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d
CVE-2015-2296 [session fixation and cookie stealing]
- - requests <unfixed> (bug #780506)
+ - requests 2.4.3-6 (bug #780506)
[wheezy] - requests <not-affected> (Vulnerable code introduced in 2.1.0)
NOTE: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
CVE-2015-2289
More information about the Secure-testing-commits
mailing list