83074 – mod_python exploit in 3.1 & 2.7 trees

Bug 83074 - mod_python exploit in 3.1 & 2.7 trees

Summary: mod_python exploit in 3.1 & 2.7 trees

Status:	RESOLVED DUPLICATE of bug 80109

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:	http://www.modpython.org/3.1.4.html
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-02-23 07:55 UTC by Davin Boling
Modified:	2005-07-17 13:06 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Davin Boling 2005-02-23 07:55:49 UTC

See attached URL. Versions 3.1.4 and 2.7.11 have been released to address this security issue. These new versions only contain a fix for the security issue in question, and offer no new functionality.


An emergency workaround for those who do not wish to wait on the stable ebuilds can be found here:
http://www.modpython.org/pipermail/mod_python/2005-February/017418.html

Reproducible: Always
Steps to Reproduce:

Comment 1 Davin Boling 2005-02-23 07:59:58 UTC

Should have labelled this as a security issue instead of an ebuild issue. Reassigning.

Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev

2005-02-23 08:33:57 UTC

This was GLSA 200502-14 with bug 80109.

*** This bug has been marked as a duplicate of 80109 ***