diff -Nru requests-2.3.0/debian/changelog requests-2.3.0/debian/changelog
--- requests-2.3.0/debian/changelog 2014-06-04 15:00:00.000000000 +0000
+++ requests-2.3.0/debian/changelog 2015-03-16 11:43:52.000000000 +0000
@@ -1,3 +1,13 @@
+requests (2.3.0-1ubuntu0.1) utopic-security; urgency=medium
+
+ * SECURITY UPDATE: Session fixation and cookie stealing issue
+ (LP: #1432555).
+ - debian/patches/CVE-2015-2296.patch: extract cookies from the original
+ request (which still has the host which returned the cookies)
+ - CVE-2015-2296
+
+ -- Daniel Watkins Mon, 16 Mar 2015 10:37:44 +0000
+
 requests (2.3.0-1) unstable; urgency=medium
 
 * Team upload.
diff -Nru requests-2.3.0/debian/control requests-2.3.0/debian/control
--- requests-2.3.0/debian/control 2014-06-04 14:34:39.000000000 +0000
+++ requests-2.3.0/debian/control 2015-03-16 11:44:17.000000000 +0000
@@ -1,5 +1,6 @@
 Source: requests
-Maintainer: Debian Python Modules Team
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian Python Modules Team
 Uploaders: Daniele Tricoli
 Section: python
 Priority: optional
diff -Nru requests-2.3.0/debian/patches/CVE-2015-2296.patch requests-2.3.0/debian/patches/CVE-2015-2296.patch
--- requests-2.3.0/debian/patches/CVE-2015-2296.patch 1970-01-01 00:00:00.000000000 +0000
+++ requests-2.3.0/debian/patches/CVE-2015-2296.patch 2015-03-16 11:43:20.000000000 +0000
@@ -0,0 +1,17 @@
+Description: Don't ascribe cookies to new domains on redirect
+Author: Cory Benfield
+Origin: upstream, https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780506
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/python-requests/+bug/1432555
+
+--- a/requests/sessions.py
++++ b/requests/sessions.py
+@@ -158,7 +158,7 @@
+ except KeyError:
+ pass
+
+- extract_cookies_to_jar(prepared_request._cookies, prepared_request, resp.raw)
++ extract_cookies_to_jar(prepared_request._cookies, req, resp.raw)
+ prepared_request._cookies.update(self.cookies)
+ prepared_request.prepare_cookies(prepared_request._cookies)
+
diff -Nru requests-2.3.0/debian/patches/series requests-2.3.0/debian/patches/series
--- requests-2.3.0/debian/patches/series 2013-05-11 05:57:15.000000000 +0000
+++ requests-2.3.0/debian/patches/series 2015-03-16 11:43:20.000000000 +0000
@@ -1,2 +1,3 @@
 01_use-system-ca-certificates.patch
 02_use-system-chardet-and-urllib3.patch
+CVE-2015-2296.patch
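Review bot: The one-line fix carried in debian/patches/CVE-2015-2296.patch is only correct if `req` is, at every hop of a redirect chain, the request that actually produced `resp`; the embedded hunk starts and ends inside the enclosing function, so where `req` is bound or rebound is not visible here. Please confirm against the 2.3.0 source that `req` is updated after each hop is sent, since otherwise cookies set on the second and later redirects would be attributed to the first host rather than the host that returned them. A comment above the changed call would guard against an accidental revert, e.g. `# Pass req (the request that produced resp); prepared_request is already being rewritten for the redirect target.` The patch also carries no regression test as shown, so a test asserting that a cookie set by the redirecting host is not forwarded to a different redirect target would be worth adding alongside it.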