LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for August 21, 2008

Standards, the kernel, and Postfix

In defense of Ubuntu

Why the JMRI decision matters

LWN.net Weekly Edition for August 14, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2008-0333 (python-cherrypy)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 7 Update: python-cherrypy-2.2.1-8.fc7


Date:
    	      Sun, 06 Jan 2008 18:28:48 -0700


Message-ID:
    	      <200801070128.m071SOMb002583@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-0333
2008-01-07 00:51:35
--------------------------------------------------------------------------------

Name        : python-cherrypy
Product     : Fedora 7
Version     : 2.2.1
Release     : 8.fc7
URL         : http://www.cherrypy.org/
Summary     : A pythonic, object-oriented web development framework
Description :
CherryPy allows developers to build web applications in much the same way
they would build any other object-oriented Python program. This usually
results in smaller source code developed in less time.

--------------------------------------------------------------------------------
Update Information:

Fixes a security issue with a backport from upstream.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan  6 2008 Toshio Kuratomi <toshio@fedoraproject.org> 2.2.1-8
- Fix a security bug with a backport of http://www.cherrypy.org/changeset/1775
- Include the egginfo files as well as the python files.
* Sat Nov  3 2007 Luke Macken <lmacken@redhat.com> 2.2.1-7
- Apply backported fix from http://www.cherrypy.org/changeset/1766
  to improve CherryPy's SIGSTOP/SIGCONT handling (Bug #364911).
  Thanks to Nils Philippsen for the patch.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #427664 - CherryPy security hole still unpatched: Malicious cookies may allow access to
files outside the session directory
        https://bugzilla.redhat.com/show_bug.cgi?id=427664
--------------------------------------------------------------------------------
Updated packages:

f0bd4884eeacc263cc66c6c56fdf7a00702afc4e python-cherrypy-2.2.1-8.fc7.noarch.rpm
69483afe8a3a2319701496ff5cb17a9f5d4e534d python-cherrypy-2.2.1-8.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update python-cherrypy' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.