From 3385c789991197d9b08da1de203615f6f40c2738 Mon Sep 17 00:00:00 2001 From: Cory Benfield Date: Sun, 15 Mar 2015 11:49:32 +0000 Subject: [PATCH] Update 2.6.0 changelog with CVE number. --- HISTORY.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/HISTORY.rst b/HISTORY.rst index 254656c5..e56121df 100644 --- a/HISTORY.rst +++ b/HISTORY.rst @@ -8,12 +8,12 @@ Release History **Bugfixes** -- Fix handling of cookies on redirect. Previously a cookie without a host - value set would use the hostname for the redirected URL exposing requests - users to session fixation attacks and potentially cookie stealing. This was - disclosed privately by Matthew Daley of `BugFuzz `_. - An CVE identifier has not yet been assigned for this. This affects all - versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends). +- CVE-2015-2296: Fix handling of cookies on redirect. Previously a cookie + without a host value set would use the hostname for the redirected URL + exposing requests users to session fixation attacks and potentially cookie + stealing. This was disclosed privately by Matthew Daley of + `BugFuzz `_. This affects all versions of requests from + v2.1.0 to v2.5.3 (inclusive on both ends). - Fix error when requests is an ``install_requires`` dependency and ``python setup.py test`` is run. (#2462)
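Review bot: In the reworded CVE-2015-2296 entry, the clause "would use the hostname for the redirected URL exposing requests users to session fixation attacks" is hard to parse, because "requests users" reads as ordinary words rather than as users of the library. A comma before "exposing" and literal markup for the library name (the next entry already uses double backticks for ``install_requires``) would fix that. The `BugFuzz `_ reference, as it appears in both the removed and the added lines, shows no link target, so confirm the hyperlink survived the rewrap and still renders in HISTORY.rst. The affected range "v2.1.0 to v2.5.3 (inclusive on both ends)" is kept, which is what a reader checking exposure needs. Since the CVE id now leads the entry, consider making it a link to the CVE record so the changelog points at the authoritative description.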