Debian Security Advisory
DLA-1357-1 gunicorn -- LTS security update
- Date Reported:
- 22 Apr 2018
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-1000164.
- More information:
It was discovered that there was an issue in the gunicorn HTTP server for Python applicatons where CRLF sequences could result in an attacker tricking the server into returning arbitrary headers.
For more information and background, please see:
For Debian 7
Wheezy, this issue has been fixed in gunicorn version 0.14.5-3+deb7u2.
We recommend that you upgrade your gunicorn packages.