[Bug 186036] [NEW] Please sync cherrypy3 3.0.2-2 (universe) from Debian unstable (main)
Michael Bienia
michael at vorlon.ping.de
Fri Jan 25 20:50:05 GMT 2008
Public bug reported:
Please sync cherrypy3 3.0.2-2 (universe) from Debian unstable (main).
Changelog since current hardy version 3.0.2-1:
cherrypy3 (3.0.2-2) unstable; urgency=low
[ Piotr Ożarowski ]
* Vcs-Browser and Homepage fields added
* Rename XS-Vcs-Svn to Vcs-Svn
[ Sandro Tosi ]
* debian/control
- fix Vcs-Browser field
[ Gustavo Noronha Silva ]
* This update addresses the following security issue:
- Directory traversal vulnerability in the _get_file_path function
in filter/sessionfilter.py allows remote attackers to create or
delete arbitrary files, and possibly read and write portions of
arbitrary files, via a crafted session id in a cookie
(CVE-2008-0252).
* debian/control:
- updated standards-version to 3.7.3; no changes
-- Gustavo Noronha Silva <kov at debian.org> Thu, 24 Jan 2008 14:30:48
-0200
** Affects: cherrypy3 (Ubuntu)
Importance: Wishlist
Status: Confirmed
** Changed in: cherrypy3 (Ubuntu)
Importance: Undecided => Wishlist
Status: New => Confirmed
--
Please sync cherrypy3 3.0.2-2 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/186036
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list