UbuntuUpdates - Bugs

Bugs fixes in "web2py"

Origin	Bug number	Title	Date fixed
CVE	CVE-2016-3952	web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to exampl	2019-06-21
CVE	CVE-2016-10321	web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attack	2019-06-21
CVE	CVE-2016-3953	The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded en	2019-06-21
CVE	CVE-2016-3954	web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: t	2019-06-21
CVE	CVE-2016-3957	The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which migh	2019-06-21
CVE	CVE-2016-3952	web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to exampl	2019-06-21
CVE	CVE-2016-10321	web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attack	2019-06-21
CVE	CVE-2016-3953	The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded en	2019-06-21
CVE	CVE-2016-3954	web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: t	2019-06-21
CVE	CVE-2016-3957	The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which migh	2019-06-21
Debian	650721	python-web2py: 'examples' app fails to work - Debian Bug report logs	2011-12-26

About - Send Feedback to @ubuntu_updates