Ticket #2342 (closed defect: fixed)

Opened 9 months ago

Last modified 4 months ago

security issue with repoze in Turbogears 2.0.x

Reported by: cd34 Assigned to:
Priority: normal Milestone:
Component: TurboGears Version: 2.0
Severity: normal Keywords:
Cc:

Description

I've forwarded a scenario that I've verified is exploitable to Mark Ramm via the email address he's subscribed to in groups.google.com/turbogears

I couldn't find a security email address on the website.

Change History

08/05/09 17:40:36 changed by zephyrxero

Does this involve the Repoze auth_tkt cookie? If so, we've found the issue as well, and it's severely in need of correction.

11/17/09 07:53:17 changed by jorge.vargas

  • status changed from new to closed.
  • resolution set to fixed.

I believe this is what triggered 2.0.3 if it's not the case then please reopen.