Comment 8 for bug 187481

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-cherrypy - 2.2.1-3ubuntu1.7.10

---------------
python-cherrypy (2.2.1-3ubuntu1.7.10) gutsy-security; urgency=low

  * SECURITY UPDATE: directory traversal via session cookie ID.
    - debian/patches/10_CVE-2008-0252.diff: Add. Ensure that the path
      generated from the session ID is within the session directory. Patch
      from upstream SVN. (LP: #187481)
    - References:
      + CVE-2008-0252

 -- William Grant <email address hidden> Sun, 09 Mar 2008 15:47:09 +1100