A vulnerability has been reported in CherryPy, which can be exploited by malicious people to bypass certain security settings.
The vulnerability is caused due to the improper handling of cookies when using file-based sessions. This can be exploited to access files outside the session directory by using directory traversal attacks via the session id.
The vulnerability is reported in version 2.2.1 and 3.0.2. Other versions may also be affected.
Fixed in development version 3.1b1 and in the SVN repository.
cherrypy-3.0.2-r1 includes upstream fix. I want to drop cherrypy-2.* as soon as this one has enough keywords.
Arches, please test and mark stable dev-python/cherrypy-3.0.2-r1.
Target keywords : "ia64 x86"
We also need 2.2 updated as at least turbogears needs it
(In reply to comment #3)
> We also need 2.2 updated as at least turbogears needs it
Thanks for reminding. cherrypy-2.2-r2 has the backported patch. I've also fixed the tests for python-2.5 and dropped old versions.
Target keywords for this version are ia64 and x86 as well.
Thanks a lot. Arches, here you go again.
voting time. I vote YES.
This probably allows writing files outside of the session directory. Definately YES.
GLSA 200801-11, thanks.