Please sync cherrypy3 3.0.2-2 (universe) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cherrypy3 (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Please sync cherrypy3 3.0.2-2 (universe) from Debian unstable (main).
Changelog since current hardy version 3.0.2-1:
cherrypy3 (3.0.2-2) unstable; urgency=low
[ Piotr Ożarowski ]
* Vcs-Browser and Homepage fields added
* Rename XS-Vcs-Svn to Vcs-Svn
[ Sandro Tosi ]
* debian/control
- fix Vcs-Browser field
[ Gustavo Noronha Silva ]
* This update addresses the following security issue:
- Directory traversal vulnerability in the _get_file_path function
in filter/
delete arbitrary files, and possibly read and write portions of
arbitrary files, via a crafted session id in a cookie
(
* debian/control:
- updated standards-version to 3.7.3; no changes
-- Gustavo Noronha Silva <email address hidden> Thu, 24 Jan 2008 14:30:48 -0200
Changed in cherrypy3: | |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
Package(s) synced.