Philippe Makowski [2013-10-18 22:02] :
> but it let the other CVE-2013-4346 about _check_signature() ignoring the
> nonce value when validating signed urls
>
> any idea ?

maybe something like that: https://github.com/pmakowski/python-oauth2/commit/7002422bb39bc137713933bc2e55251853830fcc
But I don't really understand this CVE since python-oauth2 Server is only: """A skeletal implementation of a service provider, providing protected resources to requests from authorized consumers. It doesn't intend to be a full service provider
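The check the quoted CVE text says is missing, as an added example (not python-oauth2's code and not the linked commit): a signed request is accepted only if its signature verifies and its nonce has not been seen inside the timestamp window. `NonceStore`, `sign`, `verify`, `signed_request`, the 300-second window, the simplified base string and all sample values are assumptions made for this illustration.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

WINDOW = 300  # assumed acceptance window, in seconds
URL, SECRET = "https://api.example.test/photos", "consumer-secret"  # constructed values

class NonceStore:
    """In-memory record of nonces already accepted inside the time window."""
    def __init__(self):
        self._seen = {}  # (consumer_key, nonce) -> request timestamp

    def accept(self, consumer_key, timestamp, nonce, now):
        # Forget nonces whose timestamp can no longer pass the window check.
        self._seen = {k: ts for k, ts in self._seen.items() if now - ts <= WINDOW}
        if abs(now - timestamp) > WINDOW or (consumer_key, nonce) in self._seen:
            return False
        self._seen[(consumer_key, nonce)] = timestamp
        return True

def _enc(value):
    return quote(str(value), safe="")

def sign(method, url, params, consumer_secret):
    """HMAC-SHA1 over a simplified signature base string (no token secret)."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join(_enc(p) for p in (method.upper(), url, normalized))
    key = (_enc(consumer_secret) + "&").encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def verify(method, url, params, consumer_secret, store, now=None):
    now = time.time() if now is None else now
    expected = sign(method, url, params, consumer_secret)
    supplied = str(params.get("oauth_signature", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "bad_signature"
    try:
        key, nonce = params["oauth_consumer_key"], params["oauth_nonce"]
        timestamp = int(params["oauth_timestamp"])
    except (KeyError, ValueError):
        return "missing_nonce_or_timestamp"
    # A valid signature alone lets a captured signed URL be resent; the nonce stops that.
    if not store.accept(key, timestamp, nonce, now):
        return "replayed_or_stale"
    return "ok"

def signed_request(nonce, timestamp):
    """Build constructed sample parameters and attach their signature."""
    params = {"oauth_consumer_key": "ck-1", "oauth_nonce": nonce,
              "oauth_timestamp": str(timestamp), "oauth_signature_method": "HMAC-SHA1"}
    params["oauth_signature"] = sign("GET", URL, params, SECRET)
    return params
```

A real deployment would keep the nonce record in storage shared by all server processes rather than in one process's memory.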