Message 230650 - Python tracker

Message230650

Author	pitrou
Recipients	Arfrever, Tim.Graham, berker.peksag, georg.brandl, pitrou, r.david.murray
Date	2014-11-04.18:34:36
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1415126076.32.0.571958779106.issue22796@psf.upfronthosting.co.za>
In-reply-to

Content
The security issue isn't easy to explain, it involves an elaborated set of services (browser, Web site...) each having a slightly different notion of cookie parsing to mount an attack allowing to bypass CSRF protection on certain Python-powered frameworks. It's from a report made to security@p.o.

Content

The security issue isn't easy to explain, it involves an elaborated set of services (browser, Web site...) each having a slightly different notion of cookie parsing to mount an attack allowing to bypass CSRF protection on certain Python-powered frameworks. It's from a report made to security@p.o.

History
Date	User	Action	Args
2014-11-04 18:34:36	pitrou	set	recipients: + pitrou, georg.brandl, Arfrever, r.david.murray, berker.peksag, Tim.Graham
2014-11-04 18:34:36	pitrou	set	messageid: <1415126076.32.0.571958779106.issue22796@psf.upfronthosting.co.za>
2014-11-04 18:34:36	pitrou	link	issue22796 messages
2014-11-04 18:34:36	pitrou	create