PublicDateAtUSN: 2014-09-19
Candidate: CVE-2014-1830
PublicDate: 2014-10-15 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1830
 http://www.openwall.com/lists/oss-security/2014/09/19
 https://github.com/victims/victims-cve-db/blob/master/database/python/2014/1830.yaml
 https://ubuntu.com/security/notices/USN-2382-1
Description:
 Requests (aka python-requests) before 2.3.0 allows remote servers to obtain
 sensitive information by reading the Proxy-Authorization header in a
 redirected request.
Ubuntu-Description:
Notes:
Bugs:
 https://github.com/kennethreitz/requests/issues/1885
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108
Priority: medium
Discovered-by: Jakub Wilk
Assigned-to: mdeslaur
CVSS:

Patches_requests:
 upstream: https://github.com/kennethreitz/requests/commit/97cf16e958a948ecf30c3019ae94f2e7ec7dcb7f (bp)
 upstream: https://github.com/kennethreitz/requests/commit/4d8cb3244e8e4f84b250c10a48e025f9a8bf6137
 upstream: https://github.com/kennethreitz/requests/commit/4f6dca42ea0fb3d1c4706e63e594e43f7a3237f7
 upstream: https://github.com/kennethreitz/requests/commit/8d693a2a27d0a073c0d03823cab71a3716001285
 upstream: https://github.com/kennethreitz/requests/commit/90f73378582e4e2cbc75a189a2cfa7826824f29e
 upstream: https://github.com/kennethreitz/requests/commit/459f8dfccb7ee2e1dc9e041b7aebc2392219c35e
upstream_requests: released (2.3.0-1)
lucid_requests: DNE
precise_requests: ignored (reached end-of-life)
precise/esm_requests: DNE (precise was needed)
trusty_requests: released (2.2.1-1ubuntu0.1)
trusty/esm_requests: released (2.2.1-1ubuntu0.1)
utopic_requests: not-affected (2.3.0-1)
vivid_requests: not-affected (2.3.0-1)
vivid/stable-phone-overlay_requests: DNE
vivid/ubuntu-core_requests: not-affected (2.3.0-1)
wily_requests: not-affected (2.3.0-1)
xenial_requests: not-affected (2.3.0-1)
esm-infra/xenial_requests: not-affected (2.3.0-1)
yakkety_requests: not-affected (2.3.0-1)
zesty_requests: not-affected (2.3.0-1)
devel_requests: not-affected (2.3.0-1)