Package: python-django
Version: 0.95-2
A vulnerability in the script used by Django to compile message files
for use by its internationalization system was discovered and fixed
after the 0.95 release; the compile-messages script was not escaping the
names of files it handled, which meant that arbitrary commands could be
executed as a result of maliciously-named .po files.
This was fixed in revision 3592 of Django trunk[1], and that changeset
applies cleanly to stock Django 0.95.
[1] http://code.djangoproject.com/changeset/3592
--
James Bennett
[EMAIL PROTECTED]
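
Added example, not part of the original report and not Django's own code: the bug class described above (a file name pasted into a shell command string) next to an argument-vector call to msgfmt, plus a scan for .po names outside a conservative allowlist. The function names, the allowlist pattern and the sample file names are assumptions constructed for this illustration.

```python
import os
import re
import subprocess
import tempfile

# Conservative allowlist for catalogue names (an assumption; adjust as needed).
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.@+-]*\.po$")

def suspicious_po_files(root):
    """Return .po paths under root whose names fall outside SAFE_NAME."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".po") and not SAFE_NAME.match(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def legacy_shell_command(po_path):
    """Bug class from the report: the name is interpolated into a shell string."""
    base = os.path.splitext(po_path)[0]
    return 'msgfmt -o "%s.mo" "%s.po"' % (base, base)

def msgfmt_argv(po_path):
    """Argument vector for msgfmt; no shell ever parses the file name."""
    # An absolute path also stops a name starting with "-" being read as an option.
    po = os.path.abspath(po_path)
    return ["msgfmt", "-o", os.path.splitext(po)[0] + ".mo", po]

def compile_po(po_path):
    """Compile one catalogue; a list argument means subprocess uses no shell."""
    return subprocess.run(msgfmt_argv(po_path), check=True)

def demo():
    """Build a constructed locale tree and report what the scan finds."""
    with tempfile.TemporaryDirectory() as root:
        lc = os.path.join(root, "locale", "fr", "LC_MESSAGES")
        os.makedirs(lc)
        for name in ("django.po", 'x"; echo INJECTED; ".po'):  # constructed names
            open(os.path.join(lc, name), "w").close()
        hits = suspicious_po_files(root)
        return [os.path.basename(h) for h in hits], msgfmt_argv(hits[0])

if __name__ == "__main__":
    print(demo())
```

compile_po() needs gettext's msgfmt on PATH; demo() does not run it and only shows that the odd name stays a single argv element.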