Advisories ยป MGASA-2020-0269

Updated python-httplib2 packages fix security vulnerability

Publication date: 04 Jul 2020
Modification date: 04 Jul 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-11078

Description

Updated python-httplib2 packages fix security vulnerability:

In httplib2, an attacker controlling unescaped part of uri for
httplib2.Http.request() could change request headers and body, send
additional hidden requests to same server. This vulnerability impacts
software that uses httplib2 with uri constructed by string concatenation,
as opposed to proper urllib building with escaping (CVE-2020-11078).
                

References

SRPMS

7/core