{"affected":[{"ecosystem_specific":{"binaries":[{"python-requests":"2.8.1-6.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP1","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.1-6.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-requests":"2.8.1-6.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 12","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.1-6.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-requests":"2.8.1-6.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 12","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.1-6.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-requests":"2.8.1-6.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Server%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.1-6.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-requests":"2.8.1-6.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.1-6.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-requests":"2.8.1-6.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP1","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.1-6.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-requests":"2.8.1-6.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP1","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.1-6.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-requests":"2.8.1-6.9.1"}]},"package":{"ecosystem":"SUSE:Cloud Compute Node for SUSE Linux Enterprise 12 5","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Cloud%20Compute%20Node%20for%20SUSE%20Linux%20Enterprise%2012%205"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.1-6.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-requests":"2.8.1-6.9.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 1.0","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Enterprise%20Storage%201.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.1-6.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python-requests":"2.8.1-6.9.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 2","name":"python-requests","purl":"pkg:rpm/suse/python-requests&distro=SUSE%20Enterprise%20Storage%202"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.8.1-6.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThe python-requests module has been updated to version 2.8.1, which brings several\nfixes and enhancements:\n\n- Fix handling of cookies on redirect. Previously a cookie without a host value set\n  would use the hostname for the redirected URL exposing requests users to session\n  fixation attacks and potentially cookie stealing. (bsc#922448, CVE-2015-2296)\n\n- Add support for per-host proxies. This allows the proxies dictionary to have entries\n  of the form {'<scheme>://<hostname>': '<proxy>'}. Host-specific\n  proxies will be used in preference to the previously-supported scheme-specific ones,\n  but the previous syntax will continue to work.\n- Update certificate bundle to match 'certifi' 2015.9.6.2's weak certificate bundle.\n- Response.raise_for_status now prints the URL that failed as part of the exception message.\n- requests.utils.get_netrc_auth now takes an raise_errors kwarg, defaulting to False.\n  When True, errors parsing .netrc files cause exceptions to be thrown.\n- Change to bundled projects import logic to make it easier to unbundle requests downstream.\n- Change the default User-Agent string to avoid leaking data on Linux: now contains only\n  the requests version.\n- The json parameter to post() and friends will now only be used if neither data nor files\n  are present, consistent with the documentation.\n- Empty fields in the NO_PROXY environment variable are now ignored.\n- Fix problem where httplib.BadStatusLine would get raised if combining stream=True with\n  contextlib.closing.\n- Prevent bugs where we would attempt to return the same connection back to the connection\n  pool twice when sending a Chunked body.\n- Digest Auth support is now thread safe.\n- Resolved several bugs involving chunked transfer encoding and response framing.\n- Copy a PreparedRequest's CookieJar more reliably.\n- Support bytearrays when passed as parameters in the 'files' argument.\n- Avoid data duplication when creating a request with 'str', 'bytes', or 'bytearray'\n  input to the 'files' argument.\n- 'Connection: keep-alive' header is now sent automatically.\n- Support for connect timeouts. Timeout now accepts a tuple (connect, read) which is\n  used to set individual connect and read timeouts.\n\nFor a comprehensive list of changes please refer to the package's change log or the\nRelease Notes at http://docs.python-requests.org/en/latest/community/updates/#id3\n","id":"SUSE-SU-2016:0114-1","modified":"2016-01-13T20:05:42Z","published":"2016-01-13T20:05:42Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20160114-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/922448"},{"type":"REPORT","url":"https://bugzilla.suse.com/929736"},{"type":"REPORT","url":"https://bugzilla.suse.com/961596"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-2296"}],"related":["CVE-2015-2296"],"summary":"Security update for python-requests","upstream":["CVE-2015-2296"]}