Package: python-cherrypy
Severity: grave
Tags: security
Justification: user security hole


Cite:
Directory traversal vulnerability in the staticfilter component in
CherryPy before 2.1.1 allows remote attackers to read arbitrary files
via ".." sequences in unspecified vectors.

http://www.securityfocus.com/bid/16760 claims this also affects cherrypy 2.0.
If this is true, it should be fixed as well (see #353542 for 2.1).

Please mention the CVE number in the changelog.


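The report gives the vectors as unspecified, so the following is an added example of the bug class and its containment check for a static file handler, not CherryPy's staticfilter code and not part of the original report. The function names, the directory layout and the sample requests are constructed for illustration, and POSIX paths are assumed.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_naive(root, url_path):
    """Bug-class illustration: join and normalise with no containment check."""
    return os.path.normpath(os.path.join(root, unquote(url_path).lstrip("/")))


def resolve_contained(root, url_path):
    """Return the real path of the requested file, or None if it leaves root."""
    root_real = os.path.realpath(root)
    rel = unquote(url_path).lstrip("/")
    if "\x00" in rel:
        return None
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root_real, rel))
    # commonpath compares whole components, so a sibling such as
    # "static-old" does not pass as being inside "static"
    # (a plain startswith() prefix test would accept it).
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def demo():
    """Build a constructed tree; return (root, {request: (naive_escapes, contained)})."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "static")
    os.makedirs(os.path.join(root, "css"))
    os.makedirs(os.path.join(base, "static-old"))
    requests = [                          # constructed sample requests
        "/css/site.css",
        "/../secret.txt",
        "/css/%2e%2e/%2e%2e/secret.txt",
        "/../static-old/x",
    ]
    results = {}
    for req in requests:
        naive = resolve_naive(root, req)
        escapes = os.path.commonpath([root, naive]) != root
        results[req] = (escapes, resolve_contained(root, req))
    return root, results


if __name__ == "__main__":
    for req, (escapes, safe) in demo()[1].items():
        print(f"{req!r}: naive escapes root={escapes}, contained={safe}")
```
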