[DRAFT] [ANNOUNCE] Mod_python 3.2.8 (security)
If you see any problems with this text, let me know. -- Forwarded message -- Date: Sat, 12 Feb 2005 22:00:56 -0500 (EST) From: Gregory (Grisha) Trubetskoy [EMAIL PROTECTED] To: announce@httpd.apache.org, [EMAIL PROTECTED] Cc: python-dev@httpd.apache.org Subject: [ANNOUNCE] Mod_python 3.2.8 (security) The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of versions 3.2.8 of mod_python. This release addresses a vulnerability in mod_python's FileSession object whereby a carefully crafted session cookie could potentially permit an attacker to execute code on the server. FileSession was introduced in mod_python 3.2.7 released on February 15 2006 and is not enabled by default, therefore only a very small number of installations, if any, are likely to be affected by this issue. There are no other changes or improvements from the previous version in this release. Mod_python is available for download from: http://httpd.apache.org/modules/python-download.cgi For more information about mod_python visit http://www.modpython.org/ Regards, Gregory Trubetskoy
Re: [DRAFT] [ANNOUNCE] Mod_python 3.2.8 (security)
Gregory (Grisha) Trubetskoy wrote: If you see any problems with this text, let me know. -- Forwarded message -- Date: Sat, 12 Feb 2005 22:00:56 -0500 (EST) From: Gregory (Grisha) Trubetskoy [EMAIL PROTECTED] To: announce@httpd.apache.org, [EMAIL PROTECTED] Cc: python-dev@httpd.apache.org Subject: [ANNOUNCE] Mod_python 3.2.8 (security) The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of versions 3.2.8 of mod_python. versions - version This release addresses a vulnerability in mod_python's FileSession object whereby a carefully crafted session cookie could potentially permit an attacker to execute code on the server. FileSession was introduced in mod_python 3.2.7 released on February 15 2006 and is not enabled by default, therefore only a very small number of installations, if any, are likely to be affected by this issue. There are no other changes or improvements from the previous version in this release. Mod_python is available for download from: http://httpd.apache.org/modules/python-download.cgi For more information about mod_python visit http://www.modpython.org/ Regards, Gregory Trubetskoy
Re: [DRAFT] [ANNOUNCE] Mod_python 3.2.8 (security)
Looks good. (with Jorey's correction). Jim Jorey Bump wrote: Gregory (Grisha) Trubetskoy wrote: If you see any problems with this text, let me know. -- Forwarded message -- Date: Sat, 12 Feb 2005 22:00:56 -0500 (EST) From: Gregory (Grisha) Trubetskoy [EMAIL PROTECTED] To: announce@httpd.apache.org, [EMAIL PROTECTED] Cc: python-dev@httpd.apache.org Subject: [ANNOUNCE] Mod_python 3.2.8 (security) The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of versions 3.2.8 of mod_python. versions - version This release addresses a vulnerability in mod_python's FileSession object whereby a carefully crafted session cookie could potentially permit an attacker to execute code on the server. FileSession was introduced in mod_python 3.2.7 released on February 15 2006 and is not enabled by default, therefore only a very small number of installations, if any, are likely to be affected by this issue. There are no other changes or improvements from the previous version in this release. Mod_python is available for download from: http://httpd.apache.org/modules/python-download.cgi For more information about mod_python visit http://www.modpython.org/ Regards, Gregory Trubetskoy