Package        : gunicorn
Version        : 0.14.5-3+deb7u2
CVE ID         : CVE-2018-1000164
Debian Bug     : #896548

It was discovered that there was an issue in the gunicorn HTTP server for
Python applications where CRLF sequences could result in an attacker tricking
the server into returning arbitrary headers.

For more information and background, please see:

  https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5

For Debian 7 "Wheezy", this issue has been fixed in gunicorn version
0.14.5-3+deb7u2.

We recommend that you upgrade your gunicorn packages.

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
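The class of bug the advisory describes, as an added example that is not taken from the advisory or from gunicorn's source: a header serializer that writes values unchecked next to one that rejects CR, LF and NUL before anything reaches the wire. All function names and the sample header values are hypothetical and constructed for illustration.

```python
import re

# RFC 7230 "token" characters permitted in a header field name.
# fullmatch() is used below because "$" would still accept a trailing "\n".
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# CR, LF and NUL must never appear in a field value written to the wire.
_BAD_VALUE = re.compile(r"[\r\n\x00]")


class InvalidHeader(ValueError):
    """Raised when a header name or value would corrupt the header block."""


def serialize_naive(headers):
    """Unsafe pattern: joins name/value pairs with no validation."""
    return "".join(f"{n}: {v}\r\n" for n, v in headers) + "\r\n"


def serialize_strict(headers):
    """Hardened form: refuses non-token names and control characters in values."""
    lines = []
    for name, value in headers:
        if not _TOKEN.fullmatch(name):
            raise InvalidHeader(f"invalid header name: {name!r}")
        if _BAD_VALUE.search(value):
            raise InvalidHeader(f"control character in value of {name!r}")
        lines.append(f"{name}: {value}\r\n")
    return "".join(lines) + "\r\n"


def header_lines(wire):
    """Splits a serialized header block on CRLF, as a receiving client would."""
    block = wire.split("\r\n\r\n", 1)[0]
    return [line for line in block.split("\r\n") if line]


# Constructed samples: one pair whose value carries an embedded CRLF, one clean set.
TAINTED = [("Location", "/next\r\nSet-Cookie: session=constructed")]
CLEAN = [("Location", "/next"), ("Content-Type", "text/plain")]

if __name__ == "__main__":
    # One application-supplied pair is seen by the client as two header lines.
    print(header_lines(serialize_naive(TAINTED)))
    try:
        serialize_strict(TAINTED)
    except InvalidHeader as exc:
        print("rejected:", exc)
```

Rejecting the response outright, rather than stripping the control characters, keeps a tampered value from being silently rewritten into something the application never intended to send.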