Updated python-bottle packages fix security vulnerability
Publication date: 29 Jan 2017Modification date: 29 Jan 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9964
Description
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. (CVE-2016-9964)
References
SRPMS
5/core
- python-bottle-0.12.11-1.mga5