Updated python-requests packages fix security vulnerabilitiesPublication date: 09 Oct 2014
Affected Mageia releases : 4
CVE: CVE-2014-1829 , CVE-2014-1830
Updated python-requests packages fix security vulnerability: Python-requests was found to have a vulnerability, where the attacker can retrieve the passwords from ~/.netrc file through redirect requests, if the user has their passwords stored in the ~/.netrc file (CVE-2014-1829). It was discovered that the python-requests Proxy-Authorization header was never re-evaluated when a redirect occurs. The Proxy-Authorization header was sent to any new proxy or non-proxy destination as redirected (CVE-2014-1830).