Advisories ยป MGASA-2015-0120

Updated python-requests packages fix security vulnerability

Publication date: 27 Mar 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2296

Description

In python-requests before 2.6.0, a cookie without a host value set would use
the hostname for the redirected URL exposing requests users to session
fixation attacks and potentially cookie stealing (CVE-2015-2296).
                

References

SRPMS

4/core