Fedora Legacy Test Update Notification: mod_python

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Mar 16 01:30:24 UTC 2006


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-152896
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152896
2006-03-15
---------------------------------------------------------------------

Name        : mod_python
Versions    : rh73: mod_python-2.7.8-1.7.3.3.legacy
Versions    : rh9: mod_python-3.0.1-4.1.legacy
Versions    : fc1: mod_python-3.0.4-0.1.1.legacy
Summary     : An embedded Python interpreter for the Apache Web server.
Description :
Mod_python is a module that embeds the Python language interpreter
within the server, allowing Apache handlers to be written in Python.

---------------------------------------------------------------------
Update Information:

An updated mod_python package that fixes a security issue in the
publisher handler is now available.

Mod_python is a module that embeds the Python language interpreter
within the Apache web server, allowing handlers to be written in Python.

Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain access
to objects that should not be visible, leading to an information leak.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0088 to this issue.

Users of mod_python are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Sat Mar 11 2006 Jeff Sheltren <sheltren at cs.ucsb.edu> 2.7.8-1.7.3.3.legacy
- Patch for CAN-2005-0088 (#152896)
- Patch config file to remove ieee linking which was causing build to fail

rh9:
* Sat Mar 11 2006 Jeff Sheltren <sheltren at cs.ucsb.edu> 3.0.1-4.1.legacy
- Patch for CAN-2005-0088 (#152896)
- Patch configure script not to link with ieee lib

fc1:
* Sat Mar 11 2006 Jeff Sheltren <sheltren at cs.ucsb.edu> 3.0.4-0.1.1.legacy
- Patch for CAN-2005-0088 (#152896)
- Patch configure script not to link to ieee lib

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
f936f1ddb29779efae651ff90a19fa17d4edb9f8
redhat/7.3/updates-testing/i386/mod_python-2.7.8-1.7.3.3.legacy.i386.rpm
d7792718f71006a00d5e932009dff9b8688330a5
redhat/7.3/updates-testing/SRPMS/mod_python-2.7.8-1.7.3.3.legacy.src.rpm

rh9:
6b1e637878a7af1f58f1127d07b7614334b71136
redhat/9/updates-testing/i386/mod_python-3.0.1-4.1.legacy.i386.rpm
5ef5e32ac4d17f77c602d99299baab7f7c00c52d
redhat/9/updates-testing/SRPMS/mod_python-3.0.1-4.1.legacy.src.rpm

fc1:
d3959d23e0718b15a4a0b4fc4126b3198e7e98f8
fedora/1/updates-testing/i386/mod_python-3.0.4-0.1.1.legacy.i386.rpm
20c04acf2eadcb2d99cf6c076a6d1ea34537ed24
fedora/1/updates-testing/SRPMS/mod_python-3.0.4-0.1.1.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
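
An added example, not part of the original advisory or of Fedora Legacy's tooling: a Python script that parses the sha1sum section in the layout used above (a hash line followed by its path line) and checks downloaded packages against it. The function names and the download directory argument are assumptions of this example, and the demo at the bottom uses a constructed file rather than the real packages.

```python
import hashlib
import re
from pathlib import Path

SHA1_RE = re.compile(r"^[0-9a-f]{40}$")

def parse_sha1_pairs(advisory_text):
    """Return {relative_path: sha1_hex} from 'hash line, then path line' pairs."""
    pairs, pending = {}, None
    for raw in advisory_text.splitlines():
        line = raw.strip()
        if SHA1_RE.match(line):
            pending = line                      # remember hash, wait for its path
        elif pending and line.endswith(".rpm"):
            pairs[line] = pending
            pending = None
        else:
            pending = None                      # labels like "rh73:" or blanks reset
    return pairs

def sha1_of(path, chunk=1 << 20):
    """Stream the file so large packages are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, download_dir):
    """Map each local .rpm to 'ok', 'MISMATCH' or 'not-listed'."""
    # The digests are only as trustworthy as the advisory text itself,
    # so take them from a copy whose signature has been checked.
    by_name = {Path(p).name: d for p, d in parse_sha1_pairs(advisory_text).items()}
    results = {}
    for rpm in sorted(Path(download_dir).glob("*.rpm")):
        expected = by_name.get(rpm.name)
        if expected is None:
            results[rpm.name] = "not-listed"    # never treat unknown files as good
        else:
            results[rpm.name] = "ok" if sha1_of(rpm) == expected else "MISMATCH"
    return results

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in package and advisory text for the demo.
        name = "example-1.0-1.legacy.i386.rpm"
        Path(d, name).write_bytes(b"constructed payload")
        digest = hashlib.sha1(b"constructed payload").hexdigest()
        text = "rh9:\n%s\nredhat/9/updates-testing/i386/%s\n" % (digest, name)
        print(verify_downloads(text, d))
```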