Security update for httpie SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2089-1 Final 1 1 2019-09-07T14:23:00Z current 2019-09-07T14:23:00Z 2019-09-07T14:23:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for httpie This update for httpie fixes the following issues: httpie was updated to version 1.0.3: * Fix CVE-2019-10751 (HTTPie is vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control. (bsc#1148466) This update was imported from the openSUSE:Leap:15.1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2089 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GTLZBGOOZKEPVX6GAQCBUMJ6MXEPRK5I/#GTLZBGOOZKEPVX6GAQCBUMJ6MXEPRK5I E-Mail link for openSUSE-SU-2019:2089-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1148466 SUSE Bug 1148466 https://www.suse.com/security/cve/CVE-2019-10751/ SUSE CVE CVE-2019-10751 page SUSE Package Hub 15 SP1 python3-httpie-1.0.3-bp151.2.6.1 python3-httpie-1.0.3-bp151.2.6.1 as a component of SUSE Package Hub 15 SP1 All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control. CVE-2019-10751 SUSE Package Hub 15 SP1:python3-httpie-1.0.3-bp151.2.6.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GTLZBGOOZKEPVX6GAQCBUMJ6MXEPRK5I/#GTLZBGOOZKEPVX6GAQCBUMJ6MXEPRK5I https://www.suse.com/security/cve/CVE-2019-10751.html CVE-2019-10751 https://bugzilla.suse.com/1148466 SUSE Bug 1148466