cherrypy3 (3.0.2-2) unstable; urgency=low
[ Piotr Ożarowski ]
* Vcs-Browser and Homepage fields added
* Rename XS-Vcs-Svn to Vcs-Svn
[ Sandro Tosi ]
* debian/control
- fix Vcs-Browser field
[ Gustavo Noronha Silva ]
* This update addresses the following security issue:
- Directory traversal vulnerability in the _get_file_path function
in filter/sessionfilter.py allows remote attackers to create or
delete arbitrary files, and possibly read and write portions of
arbitrary files, via a crafted session id in a cookie
(CVE-2008-0252).
* debian/control:
- updated standards-version to 3.7.3; no changes
-- Michael Bienia <email address hidden> Tue, 29 Jan 2008 02:34:16 +0000