{"affected":[{"ecosystem_specific":{"binaries":[{"python-requests":"2.3.0-9.2"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 5","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20OpenStack%20Cloud%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.3.0-9.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"python-requests was updated to fix one security issue.\n\nThis security issue was fixed:\n\n- CVE-2015-2296: The resolve_redirects function in sessions.py allowed remote attackers to\n  conduct session fixation attacks via a cookie without a host value in a redirect. (bsc#922448)\n\nThis non-security issue was fixed:\n\n- Don't use the hardcoded path for certificates. (bsc#935252)\n  ","id":"SUSE-SU-2015:2156-1","modified":"2015-11-30T11:07:43Z","published":"2015-11-30T11:07:43Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20152156-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/922448"},{"type":"REPORT","url":"https://bugzilla.suse.com/935252"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2296"}],"related":["CVE-2015-2296"],"summary":"Security update for python-requests","upstream":["CVE-2015-2296"]}