[Python-modules-commits] r4404 - in packages/cherrypy3/trunk/debian (2 files)

kov at users.alioth.debian.org
Thu Jan 24 16:30:38 UTC 2008


    Date: Thursday, January 24, 2008 @ 16:30:37
  Author: kov
Revision: 4404

apply security fix from upstream

Added:
  packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff
Modified:
  packages/cherrypy3/trunk/debian/changelog

Modified: packages/cherrypy3/trunk/debian/changelog
===================================================================
--- packages/cherrypy3/trunk/debian/changelog	2008-01-24 16:06:25 UTC (rev 4403)
+++ packages/cherrypy3/trunk/debian/changelog	2008-01-24 16:30:37 UTC (rev 4404)
@@ -1,4 +1,4 @@
-cherrypy3 (3.0.2-2) UNRELEASED; urgency=low
+cherrypy3 (3.0.2-2) unstable; urgency=low
 
   [ Piotr Ożarowski ]
   * Vcs-Browser and Homepage fields added
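Review bot: the distribution flips from UNRELEASED to unstable while `urgency=low` is kept, although this same entry now carries a CVE fix (CVE-2008-0252, see the hunk below). Debian convention for security uploads is `urgency=high` (or at least medium) so the fixed package migrates to testing quickly; consider changing the header line to `cherrypy3 (3.0.2-2) unstable; urgency=high`.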
@@ -8,8 +8,16 @@
   * debian/control
     - fix Vcs-Browser field
 
- -- Sandro Tosi <matrixhasu at gmail.com>  Wed, 02 Jan 2008 16:36:26 +0100
+  [ Gustavo Noronha Silva ]
+  * This update addresses the following security issue:
+    - Directory traversal vulnerability in the _get_file_path function
+      in filter/sessionfilter.py allows remote attackers to create or
+      delete arbitrary files, and possibly read and write portions of
+      arbitrary files, via a crafted session id in a cookie
+      (CVE-2008-0252).
 
+ -- Gustavo Noronha Silva <kov at debian.org>  Thu, 24 Jan 2008 14:09:59 -0200
+
 cherrypy3 (3.0.2-1) unstable; urgency=low
 
   * New upstream release
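Review bot: the vulnerability description names `filter/sessionfilter.py` as the location of `_get_file_path`, but the patch added in this commit (03_CVE-2008-0252.diff) modifies `cherrypy/lib/sessions.py`; the changelog should name the file that is actually patched in the 3.0.x tree so that the entry matches the shipped change. It would also help to reference the patch itself the way the earlier entry references `debian/control`, e.g. a sub-item `- debian/patches/03_CVE-2008-0252.diff: bounds-check the session file path`. Replacing the Sandro Tosi trailer with the new uploader's trailer is fine for a still-unreleased entry.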

Added: packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff
===================================================================
--- packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff	                        (rev 0)
+++ packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff	2008-01-24 16:30:37 UTC (rev 4404)
@@ -0,0 +1,14 @@
+Index: branches/cherrypy-3.0.x/cherrypy/lib/sessions.py
+===================================================================
+--- branches/cherrypy-3.0.x/cherrypy/lib/sessions.py (revision 1715)
++++ branches/cherrypy-3.0.x/cherrypy/lib/sessions.py (revision 1774)
+@@ -261,5 +261,8 @@
+     
+     def _get_file_path(self):
+-        return os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
++        f = os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
++        if not os.path.normpath(f).startswith(self.storage_path):
++            raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
++        return f
+     
+     def _load(self, path=None):
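Review bot: the added check `os.path.normpath(f).startswith(self.storage_path)` is a plain string-prefix test, which is weaker than the intended "stays inside the storage directory" check. Two gaps follow from the visible lines: a path under a sibling directory whose name merely begins with `storage_path` (for example `/var/lib/sess` versus `/var/lib/sess-other`) passes the prefix test, and `storage_path` itself is never normalized, so a configured value with a trailing slash, a `..` component or a relative form can make the comparison reject legitimate ids or accept ones it should not. Suggest normalizing both sides and anchoring the prefix on a directory separator:

    base = os.path.normpath(self.storage_path)
    if not os.path.normpath(f).startswith(base + os.sep):
        raise cherrypy.HTTPError(400, "Invalid session id in cookie.")

Validating `self.id` against the allowed session-id alphabet before it is ever joined into a path would be a simpler and more robust defence than post-hoc path inspection; raising a 400 rather than silently falling back is the right choice either way.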
