Comment 9 for bug 187481

This bug was fixed in the package cherrypy3 - 3.0.2-1ubuntu0.1

---------------
cherrypy3 (3.0.2-1ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: directory traversal via session cookie ID.
    - debian/patches/10_CVE-2008-0252.diff: Add. Ensure that the path
      generated from the session ID is within the session directory. Patch
      from upstream SVN. (LP: #187481)
    - References:
      + CVE-2008-0252
  * Modify Maintainer value to match the DebianMaintainerField specification.

 -- William Grant <email address hidden> Sun, 09 Mar 2008 15:31:25 +1100