idella4 14/06/27 10:53:30 Added: CVE-2014-4615.patch Log: sec. patch wrt Bug #515050, add IUSE, doc build, fix test phase, rm vuln. version (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0xB8072B0D)
Revision Changes Path 1.1 dev-python/pycadf/files/CVE-2014-4615.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/pycadf/files/CVE-2014-4615.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/pycadf/files/CVE-2014-4615.patch?rev=1.1&content-type=text/plain Index: CVE-2014-4615.patch =================================================================== https://review.openstack.org/#/c/94878/ Owner gordon chung Project openstack/pycadf Branch master Topic bug1321080 Uploaded May 22, 2014 10:12 PM Updated May 23, 2014 3:34 AM Status Merged Commit Message: remove token from notifier middleware notifier middleware is capturing token and sending it to MQ. this is not advisable so we should filter it out. Change-Id: I11d9f2f23fc3b60c945c33d4d02bd7640d88a083 Closes-Bug: #1321080 diff --git a/pycadf/middleware/notifier.py b/pycadf/middleware/notifier.py index fc921f8..621c8b4 100644 --- a/pycadf/middleware/notifier.py +++ b/pycadf/middleware/notifier.py @@ -88,7 +88,7 @@ include them. """ return dict((k, v) for k, v in six.iteritems(environ) - if k.isupper()) + if k.isupper() and k != 'HTTP_X_AUTH_TOKEN') @log_and_ignore_error def process_request(self, request):