* SECURITY UPDATE: directory traversal via session cookie ID.
- debian/patches/10_CVE-2008-0252.diff: Add. Ensure that the path
generated from the session ID is within the session directory. Patch
from upstream SVN. (LP: #187481)
- References:
+ CVE-2008-0252
-- William Grant <email address hidden> Sun, 09 Mar 2008 15:47:09 +1100
This bug was fixed in the package python-cherrypy - 2.2.1-3ubuntu1.7.10
--------------- 3ubuntu1. 7.10) gutsy-security; urgency=low
python-cherrypy (2.2.1-
* SECURITY UPDATE: directory traversal via session cookie ID. patches/ 10_CVE- 2008-0252. diff: Add. Ensure that the path
- debian/
generated from the session ID is within the session directory. Patch
from upstream SVN. (LP: #187481)
- References:
+ CVE-2008-0252
-- William Grant <email address hidden> Sun, 09 Mar 2008 15:47:09 +1100