Back to python-cherrypy PTS page

Accepted python-cherrypy 2.2.1-3.1 (source all)

To: debian-devel-changes@lists.debian.org
Subject: Accepted python-cherrypy 2.2.1-3.1 (source all)
From: Nico Golde <nion@debian.org>
Date: Fri, 18 Jan 2008 15:47:04 +0000
Message-id: <E1JFtQu-0005gb-Uv@ries.debian.org>
Sender: Archive Administrator <dak@ftp-master.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 18 Jan 2008 16:25:39 +0100
Source: python-cherrypy
Binary: python-cherrypy
Architecture: source all
Version: 2.2.1-3.1
Distribution: unstable
Urgency: high
Maintainer: Gustavo Noronha Silva <kov@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 python-cherrypy - Python web development framework
Closes: 461069
Changes: 
 python-cherrypy (2.2.1-3.1) unstable; urgency=high
 .
   * Non-maintainer upload by security team.
   * This update addresses the following security issue:
     - Directory traversal vulnerability in the _get_file_path function
       in filter/sessionfilter.py allows remote attackers to create or
       delete arbitrary files, and possibly read and write portions of
       arbitrary files, via a crafted session id in a cookie
       (CVE-2008-0252; Closes: #461069).
Files: 
 73ffb1d64656c5c1141e236fa5811cae 818 python optional python-cherrypy_2.2.1-3.1.dsc
 89d9de9656065c79ac7e1fb7c6cb073f 5530 python optional python-cherrypy_2.2.1-3.1.diff.gz
 f753b6034a0c9cb4ca339ca93ae54f74 220648 python optional python-cherrypy_2.2.1-3.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHkMkNHYflSXNkfP8RAlMrAKCMzgMavjxugfwhTUi3grcfsfiZ5wCfa7QB
sxcThqrWqUXIFx5rJThakvE=
=psKV
-----END PGP SIGNATURE-----


Accepted:
python-cherrypy_2.2.1-3.1.diff.gz
  to pool/main/p/python-cherrypy/python-cherrypy_2.2.1-3.1.diff.gz
python-cherrypy_2.2.1-3.1.dsc
  to pool/main/p/python-cherrypy/python-cherrypy_2.2.1-3.1.dsc
python-cherrypy_2.2.1-3.1_all.deb
  to pool/main/p/python-cherrypy/python-cherrypy_2.2.1-3.1_all.deb