[Python-modules-commits] r6638 - in packages/cherrypy3/trunk/debian (2 files)
kov at users.alioth.debian.org
kov at users.alioth.debian.org
Wed Oct 1 11:14:37 UTC 2008
Date: Wednesday, October 1, 2008 @ 11:14:36
Author: kov
Revision: 6638
removing already applied patch
Modified:
packages/cherrypy3/trunk/debian/changelog
Deleted:
packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff
Modified: packages/cherrypy3/trunk/debian/changelog
===================================================================
--- packages/cherrypy3/trunk/debian/changelog 2008-10-01 11:12:52 UTC (rev 6637)
+++ packages/cherrypy3/trunk/debian/changelog 2008-10-01 11:14:36 UTC (rev 6638)
@@ -1,6 +1,8 @@
cherrypy3 (3.1.0-1) experimental; urgency=low
* New upstream version
+ * debian/patches/03_CVE-2008-0252.diff:
+ - removed; applied upstream
-- Gustavo Noronha Silva <kov at debian.org> Wed, 01 Oct 2008 08:08:19 -0300
Deleted: packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff
===================================================================
--- packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff 2008-10-01 11:12:52 UTC (rev 6637)
+++ packages/cherrypy3/trunk/debian/patches/03_CVE-2008-0252.diff 2008-10-01 11:14:36 UTC (rev 6638)
@@ -1,14 +0,0 @@
-Index: branches/cherrypy-3.0.x/cherrypy/lib/sessions.py
-===================================================================
---- branches/cherrypy-3.0.x/cherrypy/lib/sessions.py (revision 1715)
-+++ branches/cherrypy-3.0.x/cherrypy/lib/sessions.py (revision 1774)
-@@ -261,5 +261,8 @@
-
- def _get_file_path(self):
-- return os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
-+ f = os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
-+ if not os.path.normpath(f).startswith(self.storage_path):
-+ raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
-+ return f
-
- def _load(self, path=None):
More information about the Python-modules-commits
mailing list