diff -Nru /tmp/zXKN4lOe0I/python-cherrypy-2.2.1/debian/changelog /tmp/42185OmM8f/python-cherrypy-2.2.1/debian/changelog --- /tmp/zXKN4lOe0I/python-cherrypy-2.2.1/debian/changelog 2008-02-12 20:45:56.000000000 +0100 +++ /tmp/42185OmM8f/python-cherrypy-2.2.1/debian/changelog 2008-02-12 20:45:56.000000000 +0100 @@ -1,3 +1,15 @@ +python-cherrypy (2.2.1-3ubuntu1.1) feisty-security; urgency=low + + * SECURITY UPDATE: due to a session id handling problem an attacker + may access arbitary files via directory traversal attack + * debian/patches/04-security-dsa-1481.patch + - added file-path check in sessionfilter.py (LP: #191198) + * References + http://www.debian.org/security/2008/dsa-1481 + CVE-2008-0252 + + -- Lars Friedrichs Tue, 12 Feb 2008 17:44:51 +0100 + python-cherrypy (2.2.1-3ubuntu1) feisty; urgency=low * Modify Maintainer field. diff -Nru /tmp/zXKN4lOe0I/python-cherrypy-2.2.1/debian/patches/04-security-dsa-1481.patch /tmp/42185OmM8f/python-cherrypy-2.2.1/debian/patches/04-security-dsa-1481.patch --- /tmp/zXKN4lOe0I/python-cherrypy-2.2.1/debian/patches/04-security-dsa-1481.patch 1970-01-01 01:00:00.000000000 +0100 +++ /tmp/42185OmM8f/python-cherrypy-2.2.1/debian/patches/04-security-dsa-1481.patch 2008-02-12 20:45:56.000000000 +0100 @@ -0,0 +1,12 @@ +diff -Nur python-cherrypy-2.2.1/cherrypy/filters/sessionfilter.py python-cherrypy-2.2.1.new/cherrypy/filters/sessionfilter.py +--- python-cherrypy-2.2.1/cherrypy/filters/sessionfilter.py 2006-04-25 03:37:45.000000000 +0200 ++++ python-cherrypy-2.2.1.new/cherrypy/filters/sessionfilter.py 2008-02-12 17:24:31.000000000 +0100 +@@ -326,6 +326,8 @@ + raise SessionStoragePathNotConfiguredError() + fileName = self.SESSION_PREFIX + id + file_path = os.path.join(storage_path, fileName) ++ if not os.path.normpath(file_path).startswith(storage_path): ++ raise cherrypy.HTTPError(400, "Invalid session id in cookie.") + return file_path + + def _lock_file(self, path):