[Python-modules-commits] r4400 - in packages/python-cherrypy/trunk/debian (2 files)
kov at users.alioth.debian.org
Thu Jan 24 16:02:02 UTC 2008
Date: Thursday, January 24, 2008 @ 16:02:00
Author: kov
Revision: 4400
apply and acknowledge NMU by Nico Golde
Added:
packages/python-cherrypy/trunk/debian/patches/04_CVE-2008-0252.diff
Modified:
packages/python-cherrypy/trunk/debian/changelog
Modified: packages/python-cherrypy/trunk/debian/changelog
===================================================================
--- packages/python-cherrypy/trunk/debian/changelog 2008-01-22 19:03:05 UTC (rev 4399)
+++ packages/python-cherrypy/trunk/debian/changelog 2008-01-24 16:02:00 UTC (rev 4400)
@@ -1,4 +1,4 @@
-python-cherrypy (2.2.1-4) UNRELEASED; urgency=low
+python-cherrypy (2.2.1-4) unstable; urgency=low
[ Piotr Ożarowski ]
* Vcs-Svn, Vcs-Browser and Homepage fields added
@@ -18,8 +18,23 @@
* debian/control
- uniforming Vcs-Browser field
- -- Piotr Ożarowski <piotr at debian.org> Sat, 6 Oct 2007 23:47:01 +0200
+ [ Gustavo Noronha Silva ]
+ * acknowledging NMU by Nico, thanks! (Closes: #461069)
+ -- Gustavo Noronha Silva <kov at debian.org> Thu, 24 Jan 2008 13:31:32 -0200
+
+python-cherrypy (2.2.1-3.1) unstable; urgency=high
+
+ * Non-maintainer upload by security team.
+ * This update addresses the following security issue:
+ - Directory traversal vulnerability in the _get_file_path function
+ in filter/sessionfilter.py allows remote attackers to create or
+ delete arbitrary files, and possibly read and write portions of
+ arbitrary files, via a crafted session id in a cookie
+ (CVE-2008-0252; Closes: #461069).
+
+ -- Nico Golde <nion at debian.org> Fri, 18 Jan 2008 16:25:39 +0100
+
python-cherrypy (2.2.1-3) unstable; urgency=low
* debian/rules, debian/control:
Added: packages/python-cherrypy/trunk/debian/patches/04_CVE-2008-0252.diff
===================================================================
--- packages/python-cherrypy/trunk/debian/patches/04_CVE-2008-0252.diff (rev 0)
+++ packages/python-cherrypy/trunk/debian/patches/04_CVE-2008-0252.diff 2008-01-24 16:02:00 UTC (rev 4400)
@@ -0,0 +1,12 @@
+diff -Nurad python-cherrypy-2.2.1~/cherrypy/filters/sessionfilter.py python-cherrypy-2.2.1/cherrypy/filters/sessionfilter.py
+--- python-cherrypy-2.2.1~/cherrypy/filters/sessionfilter.py 2008-01-18 16:21:27.000000000 +0100
++++ python-cherrypy-2.2.1/cherrypy/filters/sessionfilter.py 2008-01-18 16:23:36.000000000 +0100
+@@ -326,6 +326,8 @@
+ raise SessionStoragePathNotConfiguredError()
+ fileName = self.SESSION_PREFIX + id
+ file_path = os.path.join(storage_path, fileName)
++ if not os.path.normpath(file_path).startswith(storage_path):
++ raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
+ return file_path
+
+ def _lock_file(self, path):
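Review bot: the containment test added at `if not os.path.normpath(file_path).startswith(storage_path):` is a plain string-prefix comparison, so it accepts any normalised path that merely begins with the storage_path text (a sibling directory such as `<storage_path>-old/...`, reachable through a session id containing `/../../`), and because it compares against storage_path exactly as configured, a relative or trailing-slash value (for example `./sessions/`) never matches the normalised form and every legitimate session id is rejected with 400. Suggest normalising both sides and comparing against the directory plus separator, e.g. `base = os.path.normpath(storage_path)` then `if not os.path.normpath(file_path).startswith(base + os.sep):`, and returning the normalised path rather than the raw `os.path.join` result so nothing downstream re-interprets the `..` components; `os.path.realpath` would additionally resolve symlinks if the storage directory can contain any. Raising `cherrypy.HTTPError` here also assumes the module imports `cherrypy` and that every caller of `_get_file_path` runs inside a request context, which is not visible in this hunk.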
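Added example, not part of this commit or of CherryPy: the prefix check from 04_CVE-2008-0252.diff reproduced as a stand-alone function beside a hardened containment check, both exercised on constructed session-cookie values. The storage paths, the `SESSION_PREFIX` value and the sample ids are assumptions; `posixpath` is used instead of `os.path` so the results are identical on every platform.

```python
import posixpath
from typing import Optional

# Assumed value; stands in for self.SESSION_PREFIX in cherrypy/filters/sessionfilter.py
SESSION_PREFIX = "session-"


def patched_file_path(storage_path: str, session_id: str) -> Optional[str]:
    """Same logic as the patched _get_file_path: join, then a string-prefix
    test on the normalised path.  Returns None where the patch raises
    HTTPError(400); otherwise returns the raw (un-normalised) joined path,
    exactly as the patch does."""
    file_name = SESSION_PREFIX + session_id
    file_path = posixpath.join(storage_path, file_name)
    if not posixpath.normpath(file_path).startswith(storage_path):
        return None
    return file_path


def hardened_file_path(storage_path: str, session_id: str) -> Optional[str]:
    """Containment check: normalise both sides, require the candidate to lie
    strictly below the storage directory (prefix plus separator), and return
    the normalised path so nothing downstream re-interprets '..' components.
    Symlinks are not resolved; realpath() would do that but needs the filesystem."""
    base = posixpath.normpath(storage_path)
    candidate = posixpath.normpath(posixpath.join(base, SESSION_PREFIX + session_id))
    if candidate == base or not candidate.startswith(base + "/"):
        return None
    return candidate


# Constructed cases: cookie values an attacker, or a misconfiguration, could produce.
CASES = [
    ("/var/lib/cherrypy/sessions", "abc123"),                      # ordinary id
    ("/var/lib/cherrypy/sessions", "/../../../../../etc/passwd"),  # classic traversal
    ("/var/lib/cherrypy/sessions", "/../../sessions-old/x"),       # sibling dir sharing the prefix
    ("/var/lib/cherrypy/sessions", "/.."),                         # resolves to the directory itself
    ("./sessions/", "abc123"),                                     # relative / trailing-slash config
]


def compare(cases=CASES):
    """Return [(storage_path, session_id, patched_result, hardened_result), ...]
    so the two checks can be compared side by side."""
    return [(sp, sid, patched_file_path(sp, sid), hardened_file_path(sp, sid))
            for sp, sid in cases]


if __name__ == "__main__":
    for sp, sid, patched, hardened in compare():
        print(f"{sp!r:30} {sid!r:30} patched={patched!r}  hardened={hardened!r}")
```

Running it shows the two failure modes of the prefix test: the sibling-directory id passes `patched_file_path` because `/var/lib/cherrypy/sessions-old/x` starts with the configured string, and a relative storage path of `./sessions/` makes `patched_file_path` reject even a normal id, since `normpath` strips the leading `./` before the comparison.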