--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2006-152896 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152896 2006-03-15 --------------------------------------------------------------------- Name : mod_python Versions : rh73: mod_python-2.7.8-1.7.3.3.legacy Versions : rh9: mod_python-3.0.1-4.1.legacy Versions : fc1: mod_python-3.0.4-0.1.1.legacy Summary : An embedded Python interpreter for the Apache Web server. Description : Mod_python is a module that embeds the Python language interpreter within the server, allowing Apache handlers to be written in Python. --------------------------------------------------------------------- Update Information: An Updated mod_python package that fixes a security issue in the publisher handler is now available. Mod_python is a module that embeds the Python language interpreter within the Apache web server, allowing handlers to be written in Python. Graham Dumpleton discovered a flaw affecting the publisher handler of mod_python, used to make objects inside modules callable via URL. A remote user could visit a carefully crafted URL that would gain access to objects that should not be visible, leading to an information leak. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0088 to this issue. Users of mod_python are advised to upgrade to this updated package, which contains a backported patch to correct this issue. --------------------------------------------------------------------- Changelogs rh73: * Sat Mar 11 2006 Jeff Sheltren <sheltren@xxxxxxxxxxx> 2.7.8-1.7.3.3.legacy - Patch for CAN-2005-0088 (#152896) - Patch config file to remove ieee linking which was causing build to fail rh9: * Sat Mar 11 2006 Jeff Sheltren <sheltren@xxxxxxxxxxx> 3.0.1-4.1.legacy - Patch for CAN-2005-0088 (#152896) - Patch configure script not to link with ieee lib fc1: * Sat Mar 11 2006 Jeff Sheltren <sheltren@xxxxxxxxxxx> 3.0.4-0.1.1.legacy - Patch for CAN-2005-0088 (#152896) - Patch configure script not to link to ieee lib --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) rh73: f936f1ddb29779efae651ff90a19fa17d4edb9f8 redhat/7.3/updates-testing/i386/mod_python-2.7.8-1.7.3.3.legacy.i386.rpm d7792718f71006a00d5e932009dff9b8688330a5 redhat/7.3/updates-testing/SRPMS/mod_python-2.7.8-1.7.3.3.legacy.src.rpm rh9: 6b1e637878a7af1f58f1127d07b7614334b71136 redhat/9/updates-testing/i386/mod_python-3.0.1-4.1.legacy.i386.rpm 5ef5e32ac4d17f77c602d99299baab7f7c00c52d redhat/9/updates-testing/SRPMS/mod_python-3.0.1-4.1.legacy.src.rpm fc1: d3959d23e0718b15a4a0b4fc4126b3198e7e98f8 fedora/1/updates-testing/i386/mod_python-3.0.4-0.1.1.legacy.i386.rpm 20c04acf2eadcb2d99cf6c076a6d1ea34537ed24 fedora/1/updates-testing/SRPMS/mod_python-3.0.4-0.1.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
