Philippe Makowski [2013-10-18 22:02] :
> but it let the other CVE-2013-4346 about _check_signature() ignoring the
> nonce value when validating signed urls
>
> any idea ?
maybe something like that
:https://github.com/pmakowski/python-oauth2/commit/7002422bb39bc137713933bc2e55251853830fcc
But I don't really understand this CVE since python-oauth2 Server is only :
"""A skeletal implementation of a service provider, providing protected
resources to requests from authorized consumers.
It don't intend to be a full service provider
--
To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/526288d0.8000...@espelida.com
