Ubuntu
cherrypy3 package

  1. Gutsy (7.10)
  2. Bug #187481
  3. Comment #10

Comment 10 for bug 187481

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-cherrypy - 2.2.1-3ubuntu1.7.04

---------------
python-cherrypy (2.2.1-3ubuntu1.7.04) feisty-security; urgency=low

  * SECURITY UPDATE: directory traversal via session cookie ID.
    - debian/patches/10_CVE-2008-0252.diff: Add. Ensure that the path
      generated from the session ID is within the session directory. Patch
      from upstream SVN. (LP: #187481)
    - References:
      + CVE-2008-0252

 -- William Grant <email address hidden> Sun, 09 Mar 2008 15:59:14 +1100