
[SECURITY] [DLA 761-1] python-bottle security update




Package        : python-bottle
Version        : 0.10.11-1+deb7u2
CVE ID         : CVE-2016-9964
Debian Bug     : 848392

It was discovered that bottle, a WSGI framework for the Python
programming language, did not properly filter "\r\n" sequences when
handling redirections. This allowed an attacker to perform CRLF
attacks such as HTTP header injection.

For Debian 7 "Wheezy", this problem has been fixed in version
0.10.11-1+deb7u2.

We recommend that you upgrade your python-bottle packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
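
How an unfiltered "\r\n" in a redirect target turns into an extra response header, next to a check that rejects it. This is an added example, not part of the advisory and not bottle's own code; the function names and the constructed target value are assumptions made for illustration.

```python
import re

# Characters that must never appear in an HTTP header name or value:
# CR and LF terminate the header line, NUL is rejected by many parsers.
_FORBIDDEN = re.compile(r"[\r\n\0]")

def serialize_unchecked(status, headers):
    """'Before' form: header values are written to the wire as given."""
    lines = ["HTTP/1.1 %s" % status]
    lines += ["%s: %s" % (k, v) for k, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"

def checked_header(name, value):
    """Hardened form: refuse control characters instead of emitting them."""
    for part in (name, value):
        if _FORBIDDEN.search(part):
            raise ValueError("control character in header: %r" % part)
    return name, value

def redirect_headers(target, check=True):
    """Build the header list for a redirect to `target` (hypothetical helper)."""
    header = ("Location", target)
    return [checked_header(*header) if check else header]

def header_names_on_wire(raw):
    """Split a serialized response head into header names, as a client would."""
    head = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

# Constructed input: a redirect target copied from a request parameter.
CONSTRUCTED_TARGET = "/home\r\nX-Injected: 1"

if __name__ == "__main__":
    raw = serialize_unchecked(
        "303 See Other", redirect_headers(CONSTRUCTED_TARGET, check=False))
    # The application set one header, the client parses two.
    print(header_names_on_wire(raw))
    try:
        redirect_headers(CONSTRUCTED_TARGET)
    except ValueError as exc:
        print("rejected:", exc)
```

The check has to run on the decoded value that is actually written into the header, since a percent-encoded sequence only becomes CR/LF after URL decoding.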

