Debian-LTS alert DLA-761-1 (python-bottle)
From: Markus Koschany <apo@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 761-1] python-bottle security update
Date: Sat, 24 Dec 2016 19:16:41 +0100
Message-ID: <9c0ce350-f818-91f3-45c3-3d925b0c85a3@debian.org>

Package        : python-bottle
Version        : 0.10.11-1+deb7u2
CVE ID         : CVE-2016-9964
Debian Bug     : 848392

It was discovered that bottle, a WSGI-framework for the Python
programming language, did not properly filter "\r\n" sequences when
handling redirections. This allowed an attacker to perform CRLF
attacks such as HTTP header injection.

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.11-1+deb7u2.

We recommend that you upgrade your python-bottle packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
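
The bug class described in the advisory, as an added example that is not part of the advisory and is not bottle's own code: a redirect target containing "\r\n" ends the Location line early, and rejecting control characters before the header is built prevents that. All function names and the sample redirect target are assumptions constructed for illustration.

```python
# Added example: generic WSGI-style header handling, not bottle's source.

CONTROL_CHARS = ("\r", "\n", "\0")


def header_value(value):
    """Return value as str, refusing characters that terminate a header line."""
    value = str(value)
    if any(ch in value for ch in CONTROL_CHARS):
        raise ValueError("control character in header value: %r" % value)
    return value


def redirect_headers(location, validate=True):
    """Build the header list for a 303 redirect (hypothetical helper)."""
    if validate:
        location = header_value(location)
    return [("Location", location), ("Content-Length", "0")]


def serialize(headers):
    """Write the response head the way a server puts it on the wire."""
    head = "HTTP/1.1 303 See Other\r\n"
    head += "".join("%s: %s\r\n" % (k, v) for k, v in headers)
    return head + "\r\n"


def header_names_on_wire(raw):
    """Parse the serialized head back into the header names a client sees."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    return [line.split(":", 1)[0] for line in lines if ":" in line]


# Constructed input: a redirect target copied from a request parameter.
TAINTED = "/home\r\nX-Injected: 1"

if __name__ == "__main__":
    # Without validation the single Location value becomes two header lines.
    unsafe = serialize(redirect_headers(TAINTED, validate=False))
    print(header_names_on_wire(unsafe))
    # With validation the value is refused before any header is emitted.
    try:
        redirect_headers(TAINTED)
    except ValueError as exc:
        print("rejected:", exc)
```

The same check belongs on every header value derived from request data, not only on redirect targets.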