Launchpad.net

CVE 2008-6547

schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.

Related bugs and status

CVE-2008-6547 (Candidate) is related to these bugs:

Bug #493593: MIR for paste.

		In	Importance	Status
493593	MIR for paste.	paste (Ubuntu)	Undecided	Fix Released
493593	MIR for paste.	python-formencode (Ubuntu)	High	Fix Released
493593	MIR for paste.	paste (Ubuntu Lucid)	Undecided	Fix Released
493593	MIR for paste.	python-formencode (Ubuntu Lucid)	High	Fix Released
493593	MIR for paste.	scgi (Ubuntu)	High	Fix Released
493593	MIR for paste.	scgi (Ubuntu Lucid)	High	Fix Released

Bug #545317: [MIR] python-formencode

Summary				In	Importance	Status
	545317	[MIR] python-formencode		python-formencode (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

FEDORA: FEDORA-2008-6312
OSVDB: 47082
SECUNIA: 31081
SECUNIA: 31163
BID: 30282
CONFIRM: http://sourceforge.net...
CONFIRM: http://sourceforge.net...
XF: formencode-chainedvali...