Package: python-cherrypy2.1 Version: 2.1.0-1 Severity: important Cut from the CherryPy website:
2006-01-10 CherryPy-2.1.1 released. Fixes serious security flaw in 2.1.0. We just fixed a serious security flaw in staticfilter. Basically, if you used staticfilter anyone could read any file on your system by requesting URLs with ".." in them. The fix is in SVN and we backported it to the 2.1.0 release. If you're running 2.1.0 we recommend that you upgrade to 2.1.1 ASAP. Download links are on the download page. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15-1-k7 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Versions of packages python-cherrypy2.1 depends on: ii python 2.3.5-5 An interactive high-level object-o ii python2.3-cherrypy2.1 2.1.0-1 Python web development framework f python-cherrypy2.1 recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
