Package: python-bottle Version: 0.12.5-1 Severity: normal Tags: security upstream
Bottle parses a content-type like "text/plain;application/json" as JSON. This can be used to bypass security mechanisms. The bug is tracked in https://github.com/defnull/bottle/issues/616 The bug affects versions 0.10.11-1 and 0.12.5-1 and is already fixed in 0.12.6-1 -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (600, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-bottle depends on: pn python:any <none> python-bottle recommends no packages. python-bottle suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
