Ubuntu
cherrypy3 package

Please sync cherrypy3 3.0.2-2 (universe) from Debian unstable (main)

Bug #186036 reported by Michael Bienia
4
Affects Status Importance Assigned to Milestone
cherrypy3 (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

Please sync cherrypy3 3.0.2-2 (universe) from Debian unstable (main).
Changelog since current hardy version 3.0.2-1:

cherrypy3 (3.0.2-2) unstable; urgency=low

  [ Piotr Ożarowski ]
  * Vcs-Browser and Homepage fields added
  * Rename XS-Vcs-Svn to Vcs-Svn

  [ Sandro Tosi ]
  * debian/control
    - fix Vcs-Browser field

  [ Gustavo Noronha Silva ]
  * This update addresses the following security issue:
    - Directory traversal vulnerability in the _get_file_path function
      in filter/sessionfilter.py allows remote attackers to create or
      delete arbitrary files, and possibly read and write portions of
      arbitrary files, via a crafted session id in a cookie
      (CVE-2008-0252).
  * debian/control:
  - updated standards-version to 3.7.3; no changes

 -- Gustavo Noronha Silva <email address hidden> Thu, 24 Jan 2008 14:30:48 -0200

Michael Bienia (geser)
Changed in cherrypy3:
importance: Undecided → Wishlist
status: New → Confirmed
Revision history for this message
Steve Langasek (vorlon) wrote : Synced

Package(s) synced.

Changed in cherrypy3:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.