Changelog

web2py (2.12.3-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: remote code execution
   - debian/patches/CVE-2016-3957-1.patch: more secure sessions in
     cookies using json
   - debian/patches/CVE-2016-3957-2.patch: restored pickles in sessions
   - debian/patches/CVE-2016-3957-3.patch: fixed sessions for long keys
   - CVE-2016-3957
   - CVE-2016-3954
   - CVE-2016-3953
  * SECURITY UPDATE: brute force password attack
   - debian/patches/CVE-2016-10321.patch: check if host is denied before
     verifying passwords
   - CVE-2016-10321
  * SECURITY UPDATE: information disclosure
   - debian/patches/CVE-2016-3952-1.patch: do not leak global settings into
     request object
   - debian/patches/CVE-2016-3952-2.patch: adding back cmd_options
   - debian/patches/CVE-2016-3952-3.patch: simplified beautify example
   - debian/patches/CVE-2016-3952-4.patch: fixing error due to removing
     global settings from request
   - debian/patches/CVE-2016-3952-5.patch: fixing typo on previous patch
   - CVE-2016-3952

 -- Emilia Torino <email address hidden>  Tue, 18 Jun 2019 14:01:55 -0300
