[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora Legacy Test Update Notification: mod_python



---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-152896
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152896
2006-03-15
---------------------------------------------------------------------

Name        : mod_python
Versions    : rh73: mod_python-2.7.8-1.7.3.3.legacy
Versions    : rh9: mod_python-3.0.1-4.1.legacy
Versions    : fc1: mod_python-3.0.4-0.1.1.legacy
Summary     : An embedded Python interpreter for the Apache Web server.
Description :
Mod_python is a module that embeds the Python language interpreter
within the server, allowing Apache handlers to be written in Python.

---------------------------------------------------------------------
Update Information:

An Updated mod_python package that fixes a security issue in the
publisher handler is now available.

Mod_python is a module that embeds the Python language interpreter
within the Apache web server, allowing handlers to be written in Python.

Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain access
to objects that should not be visible, leading to an information leak.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0088 to this issue.

Users of mod_python are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Sat Mar 11 2006 Jeff Sheltren <sheltren cs ucsb edu> 2.7.8-1.7.3.3.legacy
- Patch for CAN-2005-0088 (#152896)
- Patch config file to remove ieee linking which was causing build to fail

rh9:
* Sat Mar 11 2006 Jeff Sheltren <sheltren cs ucsb edu> 3.0.1-4.1.legacy
- Patch for CAN-2005-0088 (#152896)
- Patch configure script not to link with ieee lib

fc1:
* Sat Mar 11 2006 Jeff Sheltren <sheltren cs ucsb edu> 3.0.4-0.1.1.legacy
- Patch for CAN-2005-0088 (#152896)
- Patch configure script not to link to ieee lib

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
f936f1ddb29779efae651ff90a19fa17d4edb9f8
redhat/7.3/updates-testing/i386/mod_python-2.7.8-1.7.3.3.legacy.i386.rpm
d7792718f71006a00d5e932009dff9b8688330a5
redhat/7.3/updates-testing/SRPMS/mod_python-2.7.8-1.7.3.3.legacy.src.rpm

rh9:
6b1e637878a7af1f58f1127d07b7614334b71136
redhat/9/updates-testing/i386/mod_python-3.0.1-4.1.legacy.i386.rpm
5ef5e32ac4d17f77c602d99299baab7f7c00c52d
redhat/9/updates-testing/SRPMS/mod_python-3.0.1-4.1.legacy.src.rpm

fc1:
d3959d23e0718b15a4a0b4fc4126b3198e7e98f8
fedora/1/updates-testing/i386/mod_python-3.0.4-0.1.1.legacy.i386.rpm
20c04acf2eadcb2d99cf6c076a6d1ea34537ed24
fedora/1/updates-testing/SRPMS/mod_python-3.0.4-0.1.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]