As announced on the mailing list:
If you are using the recently released mod_python 3.2.7 please beware that a
security issue was discovered in the FileSession code.
You are vulnerable only if you are using mod_python 3.2.7 AND you are using
FileSession to keep sessions. FileSession is new in 3.2.7 and is not enabled by
default, therefore if you are using mod_python Session in its default
configuration you are not vulnerable.
The extent of this vulnerability is limited. Only a user who already has an
account (or some ability to write to the filesystem) on the system running
httpd could exploit it, and to the best of our knowledge such a user could
potentially cause httpd to execute arbitrary code.
We are working on a security release of the next version of mod_python and
expect it to be out shortly. Until then, please do not use FileSession.