
[SECURITY] [DLA 2232-1] python-httplib2 security update



Package        : python-httplib2
Version        : 0.9+dfsg-2+deb8u1
CVE ID         : CVE-2020-11078


In httplib2, an attacker controlling an unescaped part of the URI
passed to `httplib2.Http.request()` could change request headers and
body, and send additional hidden requests to the same server. This
vulnerability impacts software that uses httplib2 with a URI constructed
by string concatenation, as opposed to proper urllib building with
escaping.

For Debian 8 "Jessie", this problem has been fixed in version
0.9+dfsg-2+deb8u1.

We recommend that you upgrade your python-httplib2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
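Added example, not part of the advisory or of httplib2: the string-concatenation pattern described above next to URI construction with urllib escaping, plus a guard that rejects a URI containing raw whitespace or control characters before it reaches `httplib2.Http.request()`. The base URL, function names and sample input are assumptions made for illustration.

```python
from urllib.parse import quote, urlencode

BASE = "http://api.example.test"  # hypothetical service, not from the advisory


def build_uri_concat(user_id):
    """The pattern the advisory warns about: raw string concatenation."""
    return BASE + "/users/" + user_id


def build_uri_escaped(user_id, params=None):
    """Percent-encode the untrusted path segment and query values."""
    uri = BASE + "/users/" + quote(user_id, safe="")
    if params:
        uri += "?" + urlencode(params)
    return uri


def uri_is_safe(uri):
    """True if the URI has no whitespace, control or non-ASCII characters."""
    return all(0x20 < ord(ch) < 0x7F for ch in uri)


def checked_uri(uri):
    """Guard to call right before passing a URI to httplib2.Http.request()."""
    if not uri_is_safe(uri):
        raise ValueError("refusing URI with raw whitespace/control characters")
    return uri


# Constructed sample input: an identifier carrying CR LF and a header-like line.
SAMPLE = "42\r\nX-Constructed: yes"

if __name__ == "__main__":
    print(repr(build_uri_concat(SAMPLE)))
    print(build_uri_escaped(SAMPLE, {"fields": "name,email"}))
    for uri in (build_uri_concat(SAMPLE), build_uri_escaped(SAMPLE)):
        try:
            checked_uri(uri)
            print("accepted:", uri)
        except ValueError as exc:
            print("rejected:", exc)
```

The guard is a defence in depth for callers that cannot upgrade immediately; the fixed package remains the actual remedy.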
