Fix session fixation and cookie stealing: CVE-2015-2296. (Closes: #780506)

author: Daniele Tricoli <eriol@mornie.org> 2015-03-16 01:01:45 +0000
committer: Daniele Tricoli <eriol@mornie.org> 2015-03-16 01:01:45 +0000
commit: 140fa9de439ee29a87f5670b7620906c3fa65326 (patch)
tree: 99a594210ff04703aeec22d89b3a89fc75d8e38a /debian/changelog
parent: 8af60f07fee0bd4abd9ee269e767cdc55c15f2b6 (diff)
download: python-requests-140fa9de439ee29a87f5670b7620906c3fa65326.tar
python-requests-140fa9de439ee29a87f5670b7620906c3fa65326.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 10a3a62..2501b1c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,8 +3,11 @@ requests (2.4.3-6) UNRELEASED; urgency=medium
   * debian/patches/05_do-not-make-SSLv3-mandatory.patch
     - Since SSL version 3 is insecure it is supported only if Python
       supports it. (Closes: #770172)
+  * debian/patches/06_do-not-ascribe-cookies-to-the-target-domain.patch
+    - Fix session fixation and cookie stealing: CVE-2015-2296.
+      (Closes: #780506)
 
- -- Daniele Tricoli <eriol@mornie.org>  Sat, 22 Nov 2014 19:44:01 +0100
+ -- Daniele Tricoli <eriol@mornie.org>  Mon, 16 Mar 2015 01:31:10 +0100
 
 requests (2.4.3-5) unstable; urgency=medium
author	Daniele Tricoli <eriol@mornie.org>	2015-03-16 01:01:45 +0000
committer	Daniele Tricoli <eriol@mornie.org>	2015-03-16 01:01:45 +0000
commit	140fa9de439ee29a87f5670b7620906c3fa65326 (patch)
tree	99a594210ff04703aeec22d89b3a89fc75d8e38a /debian/changelog
parent	8af60f07fee0bd4abd9ee269e767cdc55c15f2b6 (diff)
download	python-requests-140fa9de439ee29a87f5670b7620906c3fa65326.tar python-requests-140fa9de439ee29a87f5670b7620906c3fa65326.tar.gz