[Python-modules-commits] r4404 - in packages/cherrypy3/trunk/debian (2 files)
kov at users.alioth.debian.org
Thu Jan 24 16:30:38 UTC 2008
Date: Thursday, January 24, 2008 @ 16:30:37
Author: kov
Revision: 4404
apply security fix from upstream
Added:
packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff
Modified:
packages/cherrypy3/trunk/debian/changelog
Modified: packages/cherrypy3/trunk/debian/changelog
===================================================================
--- packages/cherrypy3/trunk/debian/changelog 2008-01-24 16:06:25 UTC (rev 4403)
+++ packages/cherrypy3/trunk/debian/changelog 2008-01-24 16:30:37 UTC (rev 4404)
@@ -1,4 +1,4 @@
-cherrypy3 (3.0.2-2) UNRELEASED; urgency=low
+cherrypy3 (3.0.2-2) unstable; urgency=low
[ Piotr Ożarowski ]
* Vcs-Browser and Homepage fields added
@@ -8,8 +8,16 @@
* debian/control
- fix Vcs-Browser field
- -- Sandro Tosi <matrixhasu at gmail.com> Wed, 02 Jan 2008 16:36:26 +0100
+ [ Gustavo Noronha Silva ]
+ * This update addresses the following security issue:
+ - Directory traversal vulnerability in the _get_file_path function
+ in filter/sessionfilter.py allows remote attackers to create or
+ delete arbitrary files, and possibly read and write portions of
+ arbitrary files, via a crafted session id in a cookie
+ (CVE-2008-0252).
+ -- Gustavo Noronha Silva <kov at debian.org> Thu, 24 Jan 2008 14:09:59 -0200
+
cherrypy3 (3.0.2-1) unstable; urgency=low
* New upstream release
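Review bot: the new changelog bullet locates the flaw in `filter/sessionfilter.py`, but the patch this revision adds (`debian/patches/03_CVE-2008-0252.diff`) modifies `cherrypy/lib/sessions.py`, which is where `_get_file_path` lives in the 3.0.x branch; the entry should name that file so the description matches what the package actually patches. It would also help to mention the patch file itself in the bullet (e.g. "- debian/patches/03_CVE-2008-0252.diff: backport of upstream r1774") so the fix can be traced from the changelog to `debian/patches` without reading the diff. Reusing the 3.0.2-2 stanza and replacing Sandro Tosi's trailer with the new one is fine given the stanza was still UNRELEASED.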
Added: packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff
===================================================================
--- packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff (rev 0)
+++ packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff 2008-01-24 16:30:37 UTC (rev 4404)
@@ -0,0 +1,14 @@
+Index: branches/cherrypy-3.0.x/cherrypy/lib/sessions.py
+===================================================================
+--- branches/cherrypy-3.0.x/cherrypy/lib/sessions.py (revision 1715)
++++ branches/cherrypy-3.0.x/cherrypy/lib/sessions.py (revision 1774)
+@@ -261,5 +261,8 @@
+
+ def _get_file_path(self):
+- return os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
++ f = os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
++ if not os.path.normpath(f).startswith(self.storage_path):
++ raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
++ return f
+
+ def _load(self, path=None):
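Review bot: the added guard `if not os.path.normpath(f).startswith(self.storage_path)` is a bare string-prefix test, so it also accepts a normalized path under a sibling directory whose name merely begins with `storage_path` (for a storage path of `/var/sessions`, anything normalizing to `/var/sessions-other/...` passes), and it compares against `self.storage_path` as configured rather than a normalized form, so a storage path written with `..` segments would make the check reject every legitimate session with a 400. Suggest normalizing both sides and requiring a separator boundary, e.g. `base = os.path.join(os.path.abspath(self.storage_path), '')` and then `if not os.path.abspath(f).startswith(base):`. Note that `normpath`/`abspath` do not resolve symlinks, so this only neutralizes `..` traversal through the cookie-supplied `self.id`, which is the issue the changelog describes; raising `HTTPError(400, ...)` for a malformed client-controlled cookie is the right response, though a short comment above the check stating that `self.id` comes straight from the cookie would make the intent clear to the next reader.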