Date: Sat, 12 Feb 2005 22:00:56 -0500 (EST)
From: "Gregory (Grisha) Trubetskoy"
To: announce@httpd.apache.org, mod_python@modpython.org
cc: python-dev@httpd.apache.org
Subject: [ANNOUNCE] Mod_python 3.1.4 and 2.7.11 (security)
Message-ID: <20050212215825.Y58134@grisha.dyndns.org>

The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of versions 3.1.4 and 2.7.11 of mod_python.

This release addresses a vulnerability in mod_python's publisher handler whereby a carefully crafted URL would expose objects that should not be visible, leading to an information leak. The Common Vulnerabilities and Exposures project (http://cve.mitre.org/) has assigned the name CAN-2005-0088 to this issue.

Users of the publisher handler are urged to upgrade as soon as possible.

There are no other changes or improvements from the previous version in this release.

At this point the new version is only available as a source code archive. Users of mod_python on the Win32 platform can update their installation by simply replacing the publisher.py file with the latest version from the source code archive.

Mod_python is available for download from:

http://httpd.apache.org/modules/python-download.cgi

For more information about mod_python visit http://www.modpython.org/

Regards,

Grisha Trubetskoy