
Ticket #2342 (closed defect: fixed)

Opened 10 years ago

Last modified 10 years ago

Security issue with repoze in TurboGears 2.0.x

Reported by: cd34
Owned by:
Priority: normal
Milestone:
Component: TurboGears
Version: 2.0
Severity: normal
Keywords:
Cc:

Description

I've forwarded a scenario that I've verified is exploitable to Mark Ramm via the email address he's subscribed to in groups.google.com/turbogears.

I couldn't find a security email address on the website.

Change History

comment:1 Changed 10 years ago by zephyrxero

Does this involve the Repoze auth_tkt cookie? If so, we've found the issue as well, and it's severely in need of correction.

comment:2 Changed 10 years ago by jorge.vargas

  • Status changed from new to closed
  • Resolution set to fixed

I believe this is what triggered 2.0.3; if it's not the case, then please reopen.
