Debian Linux Security Advisory 3743-1 - It was discovered that bottle, a WSGI-framework for the Python programming language, did not properly filter "\r\n" sequences when handling redirections. This allowed an attacker to perform CRLF attacks such as HTTP header injection.
0946395bf15ee5c683437b5aedcdca12a278c64ac8576b1546dfb0f8f763cd23