Imported Debian patch 3.0.2-2
Gustavo Noronha Silva
16 years ago
|
0 |
cherrypy3 (3.0.2-2) unstable; urgency=low
|
|
1 |
|
|
2 |
[ Piotr Ożarowski ]
|
|
3 |
* Vcs-Browser and Homepage fields added
|
|
4 |
* Rename XS-Vcs-Svn to Vcs-Svn
|
|
5 |
|
|
6 |
[ Sandro Tosi ]
|
|
7 |
* debian/control
|
|
8 |
- fix Vcs-Browser field
|
|
9 |
|
|
10 |
[ Gustavo Noronha Silva ]
|
|
11 |
* This update addresses the following security issue:
|
|
12 |
- Directory traversal vulnerability in the _get_file_path function
|
|
13 |
in filter/sessionfilter.py allows remote attackers to create or
|
|
14 |
delete arbitrary files, and possibly read and write portions of
|
|
15 |
arbitrary files, via a crafted session id in a cookie
|
|
16 |
(CVE-2008-0252).
|
|
17 |
* debian/control:
|
|
18 |
- updated standards-version to 3.7.3; no changes
|
|
19 |
|
|
20 |
-- Gustavo Noronha Silva <kov@debian.org> Thu, 24 Jan 2008 14:30:48 -0200
|
|
21 |
|
| 0 | 22 |
cherrypy3 (3.0.2-1) unstable; urgency=low
|
| 1 | 23 |
|
| 2 | 24 |
* New upstream release
|
| 4 | 4 |
Uploaders: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
|
| 5 | 5 |
Build-Depends: cdbs (>= 0.4.42), debhelper (>= 5.0.37.1), python-setuptools (>= 0.6a9-1), python-all-dev (>= 2.3.5-11), python-support (>= 0.6.4)
|
| 6 | 6 |
Build-Depends-Indep: python-epydoc
|
| 7 | |
Standards-Version: 3.7.2
|
|
7 |
Standards-Version: 3.7.3
|
|
8 |
Homepage: http://www.cherrypy.org/
|
| 8 | 9 |
XS-Python-Version: >= 2.3
|
| 9 | |
XS-Vcs-Svn: svn://svn.debian.org/python-modules/packages/cherrypy3/trunk/
|
|
10 |
Vcs-Svn: svn://svn.debian.org/python-modules/packages/cherrypy3/trunk/
|
|
11 |
Vcs-Browser: http://svn.debian.org/wsvn/python-modules/packages/cherrypy3/trunk/?op=log
|
| 10 | 12 |
|
| 11 | 13 |
Package: python-cherrypy3
|
| 12 | 14 |
Architecture: all
|
|
| 30 | 32 |
provides its own HTTP server; setting it up behind another HTTP
|
| 31 | 33 |
server, such as Apache, or even with mod_python are also options.
|
| 32 | 34 |
.
|
| 33 | |
Homepage: http://www.cherrypy.org/
|
| 34 | |
.
|
| 35 | 35 |
This version is backwards incompatible with the 2.2 version in some
|
| 36 | 36 |
ways. See http://www.cherrypy.org/wiki/UpgradeTo30.
|
|
0 |
Index: branches/cherrypy-3.0.x/cherrypy/lib/sessions.py
|
|
1 |
===================================================================
|
|
2 |
--- branches/cherrypy-3.0.x/cherrypy/lib/sessions.py (revision 1715)
|
|
3 |
+++ branches/cherrypy-3.0.x/cherrypy/lib/sessions.py (revision 1774)
|
|
4 |
@@ -261,5 +261,8 @@
|
|
5 |
|
|
6 |
def _get_file_path(self):
|
|
7 |
- return os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
|
|
8 |
+ f = os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
|
|
9 |
+ if not os.path.normpath(f).startswith(self.storage_path):
|
|
10 |
+ raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
|
|
11 |
+ return f
|
|
12 |
|
|
13 |
def _load(self, path=None):
|