It was discovered that a directory traversal vulnerability in CherryPy, a pythonic, object-oriented web development framework, may lead to denial of service by deleting files through malicious session IDs in cookies. The old stable distribution (sarge) doesn't contain python-cherrypy. For the stable distribution (etch), this problem has been fixed in version 2.2.1-3etch1. We recommend that you upgrade your python-cherrypy packages.
It was discovered that a directory traversal vulnerability in CherryPy, a pythonic, object-oriented web development framework, may lead to denial of service by deleting files through malicious session IDs in cookies.
The old stable distribution (sarge) doesn't contain python-cherrypy.
For the stable distribution (etch), this problem has been fixed in version 2.2.1-3etch4.
We recommend that you upgrade your python-cherrypy packages.
MD5 checksums of the listed files are available in the original advisory.