Looks good. (with Jorey's correction).
Jim
Jorey Bump wrote:
Gregory (Grisha) Trubetskoy wrote:
If you see any problems with this text, let me know.
---------- Forwarded message ----------
Date: Sat, 12 Feb 2005 22:00:56 -0500 (EST)
From: "Gregory (Grisha) Trubetskoy" <[EMAIL PROTECTED]>
To: announce@httpd.apache.org, [EMAIL PROTECTED]
Cc: python-dev@httpd.apache.org
Subject: [ANNOUNCE] Mod_python 3.2.8 (security)
The Apache Software Foundation and The Apache HTTP Server Project are
pleased to announce the release of versions 3.2.8 of mod_python.
versions -> version
This release addresses a vulnerability in mod_python's FileSession
object whereby a carefully crafted session cookie could potentially
permit an attacker to execute code on the server.
FileSession was introduced in mod_python 3.2.7 released on February 15
2006 and is not enabled by default, therefore only a very small number
of installations, if any, are likely to be affected by this issue.
There are no other changes or improvements from the previous version in
this release.
Mod_python is available for download from:
http://httpd.apache.org/modules/python-download.cgi
For more information about mod_python visit http://www.modpython.org/
Regards,
Gregory Trubetskoy
