Back to bug 1303699
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-02-01 17:02:48 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-02-01 17:02:48 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-02-01 17:07:16 UTC | CC | cheimes | |
| Adam Mariš | 2016-02-01 17:09:45 UTC | Blocks | 1303701 | |
| Florian Weimer | 2016-04-28 08:32:50 UTC | Flags | needinfo?(cheimes) | |
| Florian Weimer | 2016-04-28 08:33:07 UTC | Flags | needinfo?(security-response-team) | |
| Florian Weimer | 2016-04-28 08:33:20 UTC | CC | amaris | |
| Florian Weimer | 2016-04-28 08:33:20 UTC | Flags | needinfo?(amaris) | |
| Martin Prpič | 2016-04-28 12:36:01 UTC | Whiteboard | impact=moderate,public=no,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-88,rhel-5/python=new,rhel-6/python=new,rhel-7/python=new,rhscl-2/python27-python=new,rhscl-1/python33-python=new,rhscl-2/rh-python34-python=new,rhel-5/glibc=new,rhel-6/glibc=new,rhel-7/glibc=new,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-88,rhel-5/python=new,rhel-6/python=new,rhel-7/python=new,rhscl-2/python27-python=new,rhscl-1/python33-python=new,rhscl-2/rh-python34-python=new,rhel-5/glibc=new,rhel-6/glibc=new,rhel-7/glibc=new,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected |
| Martin Prpič | 2016-04-28 12:36:05 UTC | Summary | EMBARGOED python: glibc: http protocol steam injection attack | python: glibc: http protocol steam injection attack |
| Martin Prpič | 2016-04-28 12:36:09 UTC | Group | security, qe_staff | |
| Martin Prpič | 2016-04-28 12:36:34 UTC | Depends On | 1331390 | |
| Martin Prpič | 2016-04-28 12:36:47 UTC | Depends On | 1331391 | |
| Martin Prpič | 2016-04-28 12:36:58 UTC | Depends On | 1331392 | |
| Martin Prpič | 2016-04-28 12:37:06 UTC | Depends On | 1331393 | |
| Martin Prpič | 2016-04-28 12:38:32 UTC | Flags | needinfo?(cheimes) needinfo?(security-response-team) needinfo?(amaris) | |
| Florian Weimer | 2016-04-28 12:55:35 UTC | Link ID | Sourceware 20018 | |
| Slawomir Czarko | 2016-04-28 15:13:33 UTC | CC | slawomir | |
| Cedric Buissart | 2016-05-17 14:58:30 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-88,rhel-5/python=new,rhel-6/python=new,rhel-7/python=new,rhscl-2/python27-python=new,rhscl-1/python33-python=new,rhscl-2/rh-python34-python=new,rhel-5/glibc=new,rhel-6/glibc=new,rhel-7/glibc=new,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-88,rhel-5/python=new,rhel-6/python=new,rhel-7/python=new,rhscl-2/python27-python=new,rhscl-1/python33-python=new,rhscl-2/rh-python34-python=new,rhel-5/glibc=wontfix,rhel-6/glibc=wontix,rhel-7/glibc=wontix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected |
| Cedric Buissart | 2016-05-17 15:05:01 UTC | CC | cbuissar | |
| Tomas Hoger | 2016-05-18 07:32:42 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-88,rhel-5/python=new,rhel-6/python=new,rhel-7/python=new,rhscl-2/python27-python=new,rhscl-1/python33-python=new,rhscl-2/rh-python34-python=new,rhel-5/glibc=wontfix,rhel-6/glibc=wontix,rhel-7/glibc=wontix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-88,rhel-5/python=new,rhel-6/python=new,rhel-7/python=new,rhscl-2/python27-python=new,rhscl-1/python33-python=new,rhscl-2/rh-python34-python=new,rhel-5/glibc=wontfix,rhel-6/glibc=wontfix,rhel-7/glibc=wontfix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected |
| Cedric Buissart | 2016-06-10 08:34:44 UTC | Doc Text | It was found that Python's httplib library (used urllib, urllib2 and others) did not properly check HTTP header input in HTTPConnection.putheader(). An attacker could use this flow to inject additional headers in a Python application that allows user provided header name or values. | |
| Cedric Buissart | 2016-06-10 09:09:40 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-88,rhel-5/python=new,rhel-6/python=new,rhel-7/python=new,rhscl-2/python27-python=new,rhscl-1/python33-python=new,rhscl-2/rh-python34-python=new,rhel-5/glibc=wontfix,rhel-6/glibc=wontfix,rhel-7/glibc=wontfix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=new,rhel-6/python=new,rhel-7/python=new,rhscl-2/python27-python=new,rhscl-1/python33-python=new,rhscl-2/rh-python34-python=new,rhel-5/glibc=wontfix,rhel-6/glibc=wontfix,rhel-7/glibc=wontfix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected |
| Cedric Buissart | 2016-06-10 11:28:22 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=new,rhel-6/python=new,rhel-7/python=new,rhscl-2/python27-python=new,rhscl-1/python33-python=new,rhscl-2/rh-python34-python=new,rhel-5/glibc=wontfix,rhel-6/glibc=wontfix,rhel-7/glibc=wontfix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-1/python33-python=affected,rhscl-2/rh-python34-python=affected,rhel-5/glibc=wontfix,rhel-6/glibc=wontfix,rhel-7/glibc=wontfix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected |
| Tomas Hoger | 2016-06-10 11:57:56 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-1/python33-python=affected,rhscl-2/rh-python34-python=affected,rhel-5/glibc=wontfix,rhel-6/glibc=wontfix,rhel-7/glibc=wontfix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=new,rhel-5/glibc=wontfix,rhel-6/glibc=wontfix,rhel-7/glibc=wontfix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected |
| Cedric Buissart | 2016-06-13 08:07:41 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=new,rhel-5/glibc=wontfix,rhel-6/glibc=wontfix,rhel-7/glibc=wontfix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,rhel-5/glibc=wontfix,rhel-6/glibc=wontfix,rhel-7/glibc=wontfix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected |
| Cedric Buissart | 2016-06-14 15:33:27 UTC | Depends On | 1346354 | |
| Cedric Buissart | 2016-06-14 15:33:31 UTC | Depends On | 1346355 | |
| Cedric Buissart | 2016-06-14 15:33:36 UTC | Depends On | 1346356 | |
| Cedric Buissart | 2016-06-14 15:33:40 UTC | Depends On | 1346357 | |
| Cedric Buissart | 2016-06-14 15:33:44 UTC | Depends On | 1346358 | |
| Cedric Buissart | 2016-06-14 15:33:50 UTC | Depends On | 1346359 | |
| Cedric Buissart | 2016-06-14 15:33:56 UTC | Depends On | 1346360 | |
| Cedric Buissart | 2016-06-14 15:34:01 UTC | Depends On | 1346361 | |
| Tomas Orsava | 2016-06-16 16:06:00 UTC | CC | torsava | |
| Andrej Nemec | 2016-06-17 06:47:35 UTC | Alias | CVE-2016-5699 | |
| Andrej Nemec | 2016-06-17 06:47:43 UTC | Summary | python: glibc: http protocol steam injection attack | CVE-2016-5699 python: glibc: http protocol steam injection attack |
| Andrej Nemec | 2016-06-17 07:00:25 UTC | CC | anemec | |
| Cedric Buissart | 2016-06-17 08:41:03 UTC | Depends On | 1331390 | |
| Cedric Buissart | 2016-06-17 08:42:43 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,rhel-5/glibc=wontfix,rhel-6/glibc=wontfix,rhel-7/glibc=wontfix,fedora-all/glibc=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected |
| Cedric Buissart | 2016-06-17 08:54:21 UTC | Summary | CVE-2016-5699 python: glibc: http protocol steam injection attack | CVE-2016-5699 python: http protocol steam injection attack |
| Cedric Buissart | 2016-06-17 10:18:39 UTC | Link ID | Sourceware 20018 | |
| Cedric Buissart | 2016-06-22 12:22:31 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected |
| Cedric Buissart | 2016-06-22 12:22:41 UTC | CC | cstratak, kevin, pviktori | |
| Cedric Buissart | 2016-06-22 12:25:25 UTC | Depends On | 1348973 | |
| Cedric Buissart | 2016-06-22 12:40:50 UTC | Depends On | 1348973 | |
| Cedric Buissart | 2016-06-22 12:43:58 UTC | Depends On | 1348982 | |
| Norman Sardella | 2016-06-22 17:40:57 UTC | CC | sardella | |
| Miro Hrončok | 2016-06-30 12:41:41 UTC | CC | mhroncok | |
| Cedric Buissart | 2016-06-30 14:41:46 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected |
| Cedric Buissart | 2016-06-30 14:42:04 UTC | CC | mcyprian, python-sig, tomspur | |
| Cedric Buissart | 2016-06-30 14:42:56 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected,fedora-all/pypy3=affected |
| Cedric Buissart | 2016-06-30 14:52:55 UTC | Depends On | 1351685 | |
| Cedric Buissart | 2016-06-30 14:53:17 UTC | Depends On | 1351687 | |
| Cedric Buissart | 2016-06-30 15:01:20 UTC | Depends On | 1351691 | |
| Cedric Buissart | 2016-06-30 15:01:43 UTC | Depends On | 1351692 | |
| Cedric Buissart | 2016-06-30 15:02:31 UTC | Depends On | 1351694 | |
| Cedric Buissart | 2016-07-20 13:58:49 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected,fedora-all/pypy3=affected | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cvss3=5.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected,fedora-all/pypy3=affected |
| Tomas Hoger | 2016-07-21 22:08:48 UTC | Doc Text | It was found that Python's httplib library (used urllib, urllib2 and others) did not properly check HTTP header input in HTTPConnection.putheader(). An attacker could use this flow to inject additional headers in a Python application that allows user provided header name or values. | It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. |
| Cedric Buissart | 2016-08-18 20:55:59 UTC | Status | NEW | CLOSED |
| Cedric Buissart | 2016-08-18 20:55:59 UTC | Resolution | --- | ERRATA |
| Cedric Buissart | 2016-08-18 20:55:59 UTC | Last Closed | 2016-08-18 16:55:59 UTC | |
| Adam Mariš | 2016-11-08 16:05:50 UTC | CC | amaris | |
| Product Security DevOps Team | 2019-09-29 13:43:28 UTC | Whiteboard | impact=moderate,public=20141124,reported=20160131,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:P/A:N,cvss3=5.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-20,rhel-5/python=wontfix,rhel-6/python=affected,rhel-7/python=affected,rhscl-2/python27-python=affected,rhscl-2/python33-python=affected,rhscl-2/rh-python34-python=affected,rhscl-2/rh-python35-python=affected,fedora-all/python=affected,fedora-all/python3=affected,epel-5/python26=affected,epel-7/python34=affected,fedora-all/pypy=affected,epel-5/pypy=affected,epel-6/pypy=affected,epel-7/pypy=affected,fedora-all/pypy3=affected | |