[SECURITY] Fedora 7 Update: python-cherrypy-2.2.1-8.fc7
updates at fedoraproject.org
updates at fedoraproject.org
Mon Jan 7 01:28:48 UTC 2008
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-0333
2008-01-07 00:51:35
--------------------------------------------------------------------------------
Name : python-cherrypy
Product : Fedora 7
Version : 2.2.1
Release : 8.fc7
URL : http://www.cherrypy.org/
Summary : A pythonic, object-oriented web development framework
Description :
CherryPy allows developers to build web applications in much the same way
they would build any other object-oriented Python program. This usually
results in smaller source code developed in less time.
--------------------------------------------------------------------------------
Update Information:
Fixes a security issue with a backport from upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 6 2008 Toshio Kuratomi <toshio at fedoraproject.org> 2.2.1-8
- Fix a security bug with a backport of http://www.cherrypy.org/changeset/1775
- Include the egginfo files as well as the python files.
* Sat Nov 3 2007 Luke Macken <lmacken at redhat.com> 2.2.1-7
- Apply backported fix from http://www.cherrypy.org/changeset/1766
to improve CherryPy's SIGSTOP/SIGCONT handling (Bug #364911).
Thanks to Nils Philippsen for the patch.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #427664 - CherryPy security hole still unpatched: Malicious cookies may allow access to files outside the session directory
https://bugzilla.redhat.com/show_bug.cgi?id=427664
--------------------------------------------------------------------------------
Updated packages:
f0bd4884eeacc263cc66c6c56fdf7a00702afc4e python-cherrypy-2.2.1-8.fc7.noarch.rpm
69483afe8a3a2319701496ff5cb17a9f5d4e534d python-cherrypy-2.2.1-8.fc7.src.rpm
This update can be installed with the "yum" update program. Use
su -c 'yum update python-cherrypy'
at the command line. For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------
More information about the package-announce
mailing list