|
Lines 58-63
Link Here
|
| 58 |
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) |
58 |
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) |
| 59 |
--> |
59 |
--> |
| 60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
|
|
61 |
<vuln vid="a61374fc-3a4d-11e6-a671-60a44ce6887b"> |
| 62 |
<topic>Python -- HTTP Header Injection in Python urllib</topic> |
| 63 |
<affects> |
| 64 |
<package> |
| 65 |
<name>python33</name> |
| 66 |
<range><lt>3.3.6</lt></range> |
| 67 |
</package> |
| 68 |
</affects> |
| 69 |
<description> |
| 70 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 71 |
<p>Guido Vranken reports:</p> |
| 72 |
<blockquote cite="https://bugs.python.org/issue22928"> |
| 73 |
<p>HTTP header injection in urrlib2/urllib/httplib/http.client with |
| 74 |
newlines in header values, where newlines have a semantic consequence of |
| 75 |
denoting the start of an additional header line.</p> |
| 76 |
</blockquote> |
| 77 |
</body> |
| 78 |
</description> |
| 79 |
<references> |
| 80 |
<url>https://bugs.python.org/issue22928</url> |
| 81 |
<url>http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html</url> |
| 82 |
<url>http://www.openwall.com/lists/oss-security/2016/06/14/7</url> |
| 83 |
<cvename>CVE-2016-5699</cvename> |
| 84 |
</references> |
| 85 |
<dates> |
| 86 |
<discovery>2014-11-24</discovery> |
| 87 |
<entry>2016-06-24</entry> |
| 88 |
</dates> |
| 89 |
</vuln> |
| 90 |
|
| 61 |
<vuln vid="4a0d9b53-395d-11e6-b3c8-14dae9d210b8"> |
91 |
<vuln vid="4a0d9b53-395d-11e6-b3c8-14dae9d210b8"> |
| 62 |
<topic>libarchive -- multiple vulnerabilities</topic> |
92 |
<topic>libarchive -- multiple vulnerabilities</topic> |
| 63 |
<affects> |
93 |
<affects> |