-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : python-httplib2 Version : 0.9+dfsg-2+deb8u1 CVE ID : CVE-2020-11078
In httplib2, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. For Debian 8 "Jessie", this problem has been fixed in version 0.9+dfsg-2+deb8u1. We recommend that you upgrade your python-httplib2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl7VKtcACgkQhj1N8u2c KO/TBBAAlhFBvNNcjiFVrwFjbPk+x+VDilxgq4PD/h3YAJaj6E/z2VAXj2/BV9p+ WctAU93AZhrWLEQQedGOsbcxrMUqYbNm/yjpfqoUxXqE38yD5mf0wmScdDq76C+w 91LMB+CidHiKBeQt3VRBNO+2JHMFjCv0fngJ+ZY4pPJ5wzjIyWk1p9PUz6DzGXuW iA1l/ZocWKeWxowZrWWzfflIptwJCByeSbaKQ+QteNYDG9yUt5ymlQDkgFcxoq+c cxDFsfbX+CmkBL2zmmVmgIi8K1EukVDKJ0xR2OaK06aK9pD08z91nqAXdtLBRsRp 0/eIgba9jcFPOlkYmSsreGsLfrq7OweIzyOVNrpAKpatwv9f0erQ/rWvS4pguFKY E0gJRS85d1Afdp63s02gm7s+OcTcoU64PQWTdqeGeG+HDYObMwtxZA4bWl34jVA7 hOYNBM9Riay4eaf64T16SiLpTVq30QfN23T7nLbNYCA9w8Yv8mBHvQo5pqTTEwxL 91lIR0aYw9Tc0CSNMD6eGa655a54fFL08T+DXyrfcVBSvW/6FrmVC8lMJRZ777FU 7pYqC7VJfg8rdyNHV/YpW7UFs8Cg/roMnBrnHQe23frTvwtDEjR3vZhTiUyx1wTD 7OxkX5BZd12VubHn4nHtdqOJKmaATW9zSO+72DUhFaIAYdIsWoM= =Mpch -----END PGP SIGNATURE-----