diff -u python-cherrypy-2.2.1/debian/changelog python-cherrypy-2.2.1/debian/changelog
--- python-cherrypy-2.2.1/debian/changelog
+++ python-cherrypy-2.2.1/debian/changelog
@@ -1,3 +1,14 @@
+python-cherrypy (2.2.1-3ubuntu1.7.10) gutsy-security; urgency=low
+
+  * SECURITY UPDATE: directory traversal via session cookie ID.
+    - debian/patches/10_CVE-2008-0252.diff: Add. Ensure that the path
+      generated from the session ID is within the session directory. Patch
+      from upstream SVN. (LP: #187481)
+    - References:
+      + CVE-2008-0252
+
+ -- William Grant <william.grant@ubuntu.org.au>  Sun, 09 Mar 2008 15:47:09 +1100
+
 python-cherrypy (2.2.1-3ubuntu1) feisty; urgency=low
 
   * Modify Maintainer field.
only in patch2:
unchanged:
--- python-cherrypy-2.2.1.orig/debian/patches/10_CVE-2008-0252.diff
+++ python-cherrypy-2.2.1/debian/patches/10_CVE-2008-0252.diff
@@ -0,0 +1,12 @@
+diff -Nur -x '*.orig' -x '*~' python-cherrypy-2.2.1/cherrypy/filters/sessionfilter.py python-cherrypy-2.2.1.new/cherrypy/filters/sessionfilter.py
+--- python-cherrypy-2.2.1/cherrypy/filters/sessionfilter.py	2006-04-25 11:37:45.000000000 +1000
++++ python-cherrypy-2.2.1.new/cherrypy/filters/sessionfilter.py	2008-03-09 15:43:41.000000000 +1100
+@@ -326,6 +326,8 @@
+             raise SessionStoragePathNotConfiguredError()
+         fileName = self.SESSION_PREFIX + id
+         file_path = os.path.join(storage_path, fileName)
++        if not os.path.normpath(file_path).startswith(storage_path):
++            raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
+         return file_path
+     
+     def _lock_file(self, path):