Univention Bugzilla – Bug 37069
requests: Information disclosure (4.0)
Last modified: 2017-10-26 13:54:45 CEST
Information leak of Authorization and Proxy-Authorization headers in redirected requests (CVE-2014-1829, CVE-2014-1830)
Fixed in upstream Debian package version 0.12.1-1+deb7u1
requests 0.12.1-1+deb7u1 was imported and build to scope errata4.0-3. YAML (r63409): 2015-09-02-requests.yaml
YAML: OK Tests: OK >>> import requests >>> >>> r = requests.get('https://api.github.com', auth=('user', 'pass')) >>> print r.status_code 401 >>> print r.headers['content-type'] application/json; charset=utf-8 >>>
<http://errata.software-univention.de/ucs/4.0/308.html>