httpd-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregory (Grisha) Trubetskoy" <>
Subject [ANNOUNCE] Mod_python 3.2.8 (security)
Date Fri, 24 Feb 2006 15:16:21 GMT

The Apache Software Foundation and The Apache HTTP Server Project are
pleased to announce the release of version 3.2.8 of mod_python.

This release addresses a vulnerability in mod_python's FileSession
object whereby a carefully crafted session cookie could potentially
permit an attacker to execute code on the server.

FileSession was introduced in mod_python 3.2.7 released on February 15
2006 and is not enabled by default, therefore only a very small number
of installations, if any, are likely to be affected by this issue.

There are no other changes or improvements from the previous version in
this release.

Mod_python is available for download from:

For more information about mod_python visit


Gregory Trubetskoy

View raw message