Debian Security Advisory

DLA-1357-1 gunicorn -- LTS security update

Date Reported:
22 Apr 2018
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2018-1000164.
More information:

It was discovered that there was an issue in the gunicorn HTTP server for Python applicatons where CRLF sequences could result in an attacker tricking the server into returning arbitrary headers.

For more information and background, please see:

For Debian 7 Wheezy, this issue has been fixed in gunicorn version 0.14.5-3+deb7u2.

We recommend that you upgrade your gunicorn packages.