Accepted: python-cherrypy 2.2.1-3.1ubuntu1 (source)

Michael Bienia geser at ubuntu.com
Sat Jan 19 17:35:29 GMT 2008 

Accepted:
 OK: python-cherrypy_2.2.1.orig.tar.gz
 OK: python-cherrypy_2.2.1-3.1ubuntu1.diff.gz
 OK: python-cherrypy_2.2.1-3.1ubuntu1.dsc
     -> Component: universe Section: python

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Format: 1.7
Date: Sat, 19 Jan 2008 18:30:25 +0100
Source: python-cherrypy
Binary: python-cherrypy
Architecture: source
Version: 2.2.1-3.1ubuntu1
Distribution: hardy
Urgency: high
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Michael Bienia <geser at ubuntu.com>
Description: 
 python-cherrypy - Python web development framework
Closes: 461069
Changes: 
 python-cherrypy (2.2.1-3.1ubuntu1) hardy; urgency=low
 .
   * Merge from debian unstable, remaining changes:
     + debian/patches/03_autoreloader_fix.diff:
       - Fixed the auto-reloader if modules with an invalid __file__ attribute
         are loaded, using code from CherryPy 3.
     + Modify Maintainer field.
 .
 python-cherrypy (2.2.1-3.1) unstable; urgency=high
 .
   * Non-maintainer upload by security team.
   * This update addresses the following security issue:
     - Directory traversal vulnerability in the _get_file_path function
       in filter/sessionfilter.py allows remote attackers to create or
       delete arbitrary files, and possibly read and write portions of
       arbitrary files, via a crafted session id in a cookie
       (CVE-2008-0252; Closes: #461069).
Files: 
 692c5163de2a37281a38d7da41e759a0 1038 python optional python-cherrypy_2.2.1-3.1ubuntu1.dsc
 188b748b6942939e25e54850f1a78e66 6326 python optional python-cherrypy_2.2.1-3.1ubuntu1.diff.gz
Original-Maintainer: Gustavo Noronha Silva <kov at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)

iJwEAQEDAAYFAkeSNG8ACgkQo8/XfXdugup8tQQAp/9EWxXSZt4OaawMoUz7Zh9t
HviyV/8x5G04SjhNMC4+dX1P0SbaskfKsBlXH3SmxB4oCkkekhiqM8F6Kplam6ZQ
jXL/Vhus9289c7EpRk/cr+lMy4+M/Wp98IzB5Zp+JkePzSB8o+GjGoZeFy5wa95c
zkrA8hO4ig9JmhyEwvs=
=ThtU
-----END PGP SIGNATURE-----

More information about the Hardy-changes mailing list