-
requests (2.2.1-1ubuntu0.4) trusty-security; urgency=medium
* SECURITY UPDATE: Creadentials through HTTP Authorization header
- debian/patches/CVE-2018-18074.patch: fix in requests/sessions.py.
- CVE-2018-18074
-- <email address hidden> (Leonidas S. Barbosa) Wed, 10 Oct 2018 13:24:54 -0300
-
requests (2.2.1-1ubuntu0.3) trusty-proposed; urgency=medium
* SRU, update python3.4 for trusty. LP: #1433324.
* Build a -whl package (setuptools is needed to build the wheel package).
-- Matthias Klose <email address hidden> Tue, 17 Mar 2015 23:40:09 +0100
-
requests (2.2.1-1ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: Session fixation and cookie stealing issue
(LP: #1432555).
- debian/patches/CVE-2015-2296.patch: extract cookies from the original
request (which still has the host which returned the cookies)
- CVE-2015-2296
-- Daniel Watkins <email address hidden> Mon, 16 Mar 2015 10:11:03 +0000
-
requests (2.2.1-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: Authorization header disclosure on redirect
- debian/patches/CVE-2014-1829.patch: if redirected, strip
authentication header in requests/sessions.py, add
should_bypass_proxies() to requests/utils.py.
- CVE-2014-1829
* SECURITY UPDATE: Proxy-Authorization header disclosure on redirect
- debian/patches/CVE-2014-1830.patch: also strip proxy headers in
requests/sessions.py, added test to test_requests.py.
- CVE-2014-1830
-- Marc Deslauriers <email address hidden> Tue, 30 Sep 2014 16:13:52 -0400
-
requests (2.2.1-1) unstable; urgency=medium
* New upstream release
* debian/control
- Bumped Standards-Version to 3.9.5 (no changes needed)
* debian/copyright
- Updated copyright years
* debian/patches/02_use-system-chardet-and-urllib3.patches
- Refreshed
-- Daniele Tricoli <email address hidden> Mon, 27 Jan 2014 04:58:17 +0100
-
requests (2.0.0-1) unstable; urgency=low
* New upstream release (Closes: #725784)
* Switched to pybuild
* debian/clean
- Switched to debian/clean for cleaning instead of using debian/rules
* debian/control
- Bumped python(3)-urllib3 to (>=1.7.1)
* debian/copyright
- Updated copyright year
* debian/patches/02_use-system-chardet-and-urllib3.patches
- Refreshed
* debian/watch
- Switched download URL to https
-- Daniele Tricoli <email address hidden> Fri, 18 Oct 2013 19:20:21 +0200
-
requests (1.2.3-1) unstable; urgency=low
* New upstream release (Closes: #712915) (LP: #1187429)
- Thanks to Scott Moser for the report
* debian/compat
- Bumped debhelper compatibility level to 9
* debian/control
- Bumped debhelper B-D to (>= 9)
- Temporarily bumped X-Python-Version to >= 2.7 to prevent FTBFS
due to lack of python-urllib3 for Python 2.6
* debian/patches/02_use-system-chardet-and-urllib3.patches
- Refreshed
-- Daniele Tricoli <email address hidden> Fri, 21 Jun 2013 08:52:39 +0200