Summary: | dev-python/cherrypy: directory transversal vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Harlan Lieberman-Berg (RETIRED) <hlieberman> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | python |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0847 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Harlan Lieberman-Berg (RETIRED)
2006-05-24 16:56:33 UTC
x86, please mark at least version 2.1.1 stable, thank you on x86: [ebuild N ] dev-python/cherrypy-2.1.1 Passes all tests and installs fine. When running the HelloWorld example from the cherrypy website I didn't notice any problems. The output mentioned the server was running at port 8080 so I connected to the port with a browser and saw the webpage with the correct content. x86 done... thanks Sander... ready for glsa vote, tend to say no I tend to vote yes I vote yes since you might be able to reveal DB passwords and other stuff like that. k, lets have a glsa GLSA 200605-16 Thanks everybody |