This bug was fixed in the package python-cherrypy - 2.2.1-3ubuntu1.7.10 --------------- python-cherrypy (2.2.1-3ubuntu1.7.10) gutsy-security; urgency=low
* SECURITY UPDATE: directory traversal via session cookie ID. - debian/patches/10_CVE-2008-0252.diff: Add. Ensure that the path generated from the session ID is within the session directory. Patch from upstream SVN. (LP: #187481) - References: + CVE-2008-0252 -- William Grant <[EMAIL PROTECTED]> Sun, 09 Mar 2008 15:47:09 +1100 ** Changed in: python-cherrypy (Ubuntu Gutsy) Status: Fix Committed => Fix Released ** Changed in: cherrypy3 (Ubuntu Gutsy) Status: Fix Committed => Fix Released -- [CVE-2008-0252] Directory traversal vulnerability allows modification of arbitrary files https://bugs.launchpad.net/bugs/187481 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs