Accepted python-cherrypy 2.2.1-3.1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 18 Jan 2008 16:25:39 +0100
Source: python-cherrypy
Binary: python-cherrypy
Architecture: source all
Version: 2.2.1-3.1
Distribution: unstable
Urgency: high
Maintainer: Gustavo Noronha Silva <kov@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
python-cherrypy - Python web development framework
Closes: 461069
Changes:
python-cherrypy (2.2.1-3.1) unstable; urgency=high
.
* Non-maintainer upload by security team.
* This update addresses the following security issue:
- Directory traversal vulnerability in the _get_file_path function
in filter/sessionfilter.py allows remote attackers to create or
delete arbitrary files, and possibly read and write portions of
arbitrary files, via a crafted session id in a cookie
(CVE-2008-0252; Closes: #461069).
Files:
73ffb1d64656c5c1141e236fa5811cae 818 python optional python-cherrypy_2.2.1-3.1.dsc
89d9de9656065c79ac7e1fb7c6cb073f 5530 python optional python-cherrypy_2.2.1-3.1.diff.gz
f753b6034a0c9cb4ca339ca93ae54f74 220648 python optional python-cherrypy_2.2.1-3.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHkMkNHYflSXNkfP8RAlMrAKCMzgMavjxugfwhTUi3grcfsfiZ5wCfa7QB
sxcThqrWqUXIFx5rJThakvE=
=psKV
-----END PGP SIGNATURE-----
Accepted:
python-cherrypy_2.2.1-3.1.diff.gz
to pool/main/p/python-cherrypy/python-cherrypy_2.2.1-3.1.diff.gz
python-cherrypy_2.2.1-3.1.dsc
to pool/main/p/python-cherrypy/python-cherrypy_2.2.1-3.1.dsc
python-cherrypy_2.2.1-3.1_all.deb
to pool/main/p/python-cherrypy/python-cherrypy_2.2.1-3.1_all.deb