-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 18 Jan 2008 16:25:39 +0100
Source: python-cherrypy
Binary: python-cherrypy
Architecture: source all
Version: 2.2.1-3.1
Distribution: unstable
Urgency: high
Maintainer: Gustavo Noronha Silva <kov@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
 python-cherrypy - Python web development framework
Closes: 461069
Changes:
 python-cherrypy (2.2.1-3.1) unstable; urgency=high
 .
   * Non-maintainer upload by security team.
   * This update addresses the following security issue:
     - Directory traversal vulnerability in the _get_file_path function in
       filter/sessionfilter.py allows remote attackers to create or delete
       arbitrary files, and possibly read and write portions of arbitrary
       files, via a crafted session id in a cookie
       (CVE-2008-0252; Closes: #461069).
Files:
 73ffb1d64656c5c1141e236fa5811cae 818 python optional python-cherrypy_2.2.1-3.1.dsc
 89d9de9656065c79ac7e1fb7c6cb073f 5530 python optional python-cherrypy_2.2.1-3.1.diff.gz
 f753b6034a0c9cb4ca339ca93ae54f74 220648 python optional python-cherrypy_2.2.1-3.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHkMkNHYflSXNkfP8RAlMrAKCMzgMavjxugfwhTUi3grcfsfiZ5wCfa7QB
sxcThqrWqUXIFx5rJThakvE=
=psKV
-----END PGP SIGNATURE-----

Accepted:
python-cherrypy_2.2.1-3.1.diff.gz
  to pool/main/p/python-cherrypy/python-cherrypy_2.2.1-3.1.diff.gz
python-cherrypy_2.2.1-3.1.dsc
  to pool/main/p/python-cherrypy/python-cherrypy_2.2.1-3.1.dsc
python-cherrypy_2.2.1-3.1_all.deb
  to pool/main/p/python-cherrypy/python-cherrypy_2.2.1-3.1_all.deb