This bug was fixed in the package cherrypy3 - 3.0.2-1ubuntu0.1
---------------
cherrypy3 (3.0.2-1ubuntu0.1) gutsy-security; urgency=low
* SECURITY UPDATE: directory traversal via session cookie ID.
- debian/patches/10_CVE-2008-0252.diff: Add. Ensure that the path
generated from the session ID is within the session directory. Patch
from upstream SVN. (LP: #187481)
- References:
+ CVE-2008-0252
* Modify Maintainer value to match the DebianMaintainerField specification.
-- William Grant <[EMAIL PROTECTED]> Sun, 09 Mar 2008
15:31:25 +1100
** Changed in: python-cherrypy (Ubuntu Feisty)
Status: Fix Committed => Fix Released
--
[CVE-2008-0252] Directory traversal vulnerability allows modification of
arbitrary files
https://bugs.launchpad.net/bugs/187481
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
