diff -Nru requests-2.2.1/debian/changelog requests-2.2.1/debian/changelog
--- requests-2.2.1/debian/changelog 2014-09-30 23:08:44.000000000 +0000
+++ requests-2.2.1/debian/changelog 2015-03-16 11:45:13.000000000 +0000
@@ -1,3 +1,13 @@
+requests (2.2.1-1ubuntu0.2) trusty-security; urgency=medium
+
+ * SECURITY UPDATE: Session fixation and cookie stealing issue
+ (LP: #1432555).
+ - debian/patches/CVE-2015-2296.patch: extract cookies from the original
+ request (which still has the host which returned the cookies)
+ - CVE-2015-2296
+
+ -- Daniel Watkins Mon, 16 Mar 2015 10:11:03 +0000
+
 requests (2.2.1-1ubuntu0.1) trusty-security; urgency=medium
 
 * SECURITY UPDATE: Authorization header disclosure on redirect
diff -Nru requests-2.2.1/debian/patches/CVE-2015-2296.patch requests-2.2.1/debian/patches/CVE-2015-2296.patch
--- requests-2.2.1/debian/patches/CVE-2015-2296.patch 1970-01-01 00:00:00.000000000 +0000
+++ requests-2.2.1/debian/patches/CVE-2015-2296.patch 2015-03-16 11:44:36.000000000 +0000
@@ -0,0 +1,17 @@
+Description: Don't ascribe cookies to new domains on redirect
+Author: Cory Benfield
+Origin: upstream, https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780506
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/python-requests/+bug/1432555
+
+--- a/requests/sessions.py
++++ b/requests/sessions.py
+@@ -157,7 +157,7 @@
+ except KeyError:
+ pass
+ 
+- extract_cookies_to_jar(prepared_request._cookies, prepared_request, resp.raw)
++ extract_cookies_to_jar(prepared_request._cookies, req, resp.raw)
+ prepared_request._cookies.update(self.cookies)
+ prepared_request.prepare_cookies(prepared_request._cookies)
+ 
diff -Nru requests-2.2.1/debian/patches/series requests-2.2.1/debian/patches/series
--- requests-2.2.1/debian/patches/series 2014-09-30 22:53:18.000000000 +0000
+++ requests-2.2.1/debian/patches/series 2015-03-16 11:44:36.000000000 +0000
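Review bot: Passing `req` instead of `prepared_request` to `extract_cookies_to_jar(prepared_request._cookies, req, resp.raw)` only restores the correct cookie origin for the first hop if `req` is advanced along the redirect chain; resolve_redirects starts and ends outside this hunk, and presumably (as in upstream's loop) `prepared_request` is re-copied from `req` on every iteration, so if `req` is never rebound to the request actually sent, cookies set by a second or later redirecting host are still filed against the original request's host rather than the host that returned them — confirm against the full function in requests/sessions.py. If that is the case, rebinding `req = prepared_request` after the send inside the loop, so the next iteration's copy and cookie extraction both see the request that produced `resp`, closes the multi-hop gap; the changelog wording "which still has the host which returned the cookies" would then hold for every hop rather than only the first. The patch also ships without a regression test; a session-level test that follows a redirect to a second host and asserts the first host's Set-Cookie is neither stored for nor sent to the second would pin the fix in place.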
@@ -2,3 +2,4 @@
 02_use-system-chardet-and-urllib3.patch
 CVE-2014-1829.patch
 CVE-2014-1830.patch
+CVE-2015-2296.patch