Bug#481164: marked as done (python-django: CVE-2008-2302 cross-site scripting vulnerability)

Debian Bug Tracking System Mon, 19 May 2008 15:28:38 -0700

Your message dated Mon, 19 May 2008 22:02:24 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#481164: fixed in python-django 0.97~svn7534-1
has caused the Debian Bug report #481164,
regarding python-django: CVE-2008-2302 cross-site scripting vulnerability
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
481164: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481164
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---

Package: python-django
Version: 0.97~svn7189-1
Severity: grave
Tags: security
Justification: user security hole

http://www.djangoproject.com/weblog/2008/may/14/security/

Updates need to be prepared for etch, sid/lenny, and experimental.

Brett, can you take care of all this? (Also handling the few open bugs for
the sid/experimental upload would be nice)

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages python-django depends on:
ii  python                        2.5.2-1    An interactive high-level object-o
ii  python-support                0.8.1      automated rebuilding support for P

Versions of packages python-django recommends:
ii  python-pysqlite2              2.4.1-1    Python interface to SQLite 3

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: python-django
Source-Version: 0.97~svn7534-1

We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive:

python-django_0.97~svn7534-1.diff.gz
  to pool/main/p/python-django/python-django_0.97~svn7534-1.diff.gz
python-django_0.97~svn7534-1.dsc
  to pool/main/p/python-django/python-django_0.97~svn7534-1.dsc
python-django_0.97~svn7534-1_all.deb
  to pool/main/p/python-django/python-django_0.97~svn7534-1_all.deb
python-django_0.97~svn7534.orig.tar.gz
  to pool/main/p/python-django/python-django_0.97~svn7534.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphael Hertzog <[EMAIL PROTECTED]> (supplier of updated python-django package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 19 May 2008 23:41:50 +0200
Source: python-django
Binary: python-django
Architecture: source all
Version: 0.97~svn7534-1
Distribution: experimental
Urgency: low
Maintainer: Brett Parker <[EMAIL PROTECTED]>
Changed-By: Raphael Hertzog <[EMAIL PROTECTED]>
Description: 
 python-django - A high-level Python Web framework
Closes: 409565 481051 481164
Changes: 
 python-django (0.97~svn7534-1) experimental; urgency=low
 .
   * New upstream snapshot. Closes: #409565, #481051
     - Include an XSS security fix (CVE-2008-2302). Closes: #481164
   * Drop debian/patches/04_pg_version_fix.diff as another fix
     has been committed upstream (see http://code.djangoproject.com/ticket/6433
     and http://code.djangoproject.com/changeset/7415).
   * Add some headers to the remaining patches.
Checksums-Sha1: 
 609c93e99d6e02e4b2e4e03a5db5e0653fe46791 1539 python-django_0.97~svn7534-1.dsc
 f46823c5e079234b2868ed1dd3e4eba7703b2cb9 2825714 
python-django_0.97~svn7534.orig.tar.gz
 3610f39e843efbea308f46d2a34c0dcb9e445977 8184 
python-django_0.97~svn7534-1.diff.gz
 5b73c90d1cffb7da9f0a8e2773f0b21ef1d42127 2686160 
python-django_0.97~svn7534-1_all.deb
Checksums-Sha256: 
 2ea309fcf8a1d70302e7ad5d31ba88c2b1995433ac04c531652ba628d444db08 1539 
python-django_0.97~svn7534-1.dsc
 5a565206dd41e1a1c63c71ff4fd82563b85a3735de1a9dd5b0cac2ae5d848413 2825714 
python-django_0.97~svn7534.orig.tar.gz
 46e46b5cefe556ae231570ca32565b2d8d65a5457edc487877613f9399050d99 8184 
python-django_0.97~svn7534-1.diff.gz
 fb8735c51dba67a5f0af62ff62ef57e197f74f94dba123ffcf244ba88d59668a 2686160 
python-django_0.97~svn7534-1_all.deb
Files: 
 0040c189624316c4af00504af564963f 1539 python optional 
python-django_0.97~svn7534-1.dsc
 02f902fef60a7fd88f3c53c9217d1ad5 2825714 python optional 
python-django_0.97~svn7534.orig.tar.gz
 19524429591ee8c39056b60bdfe2e1ba 8184 python optional 
python-django_0.97~svn7534-1.diff.gz
 0af5712966e124235e93524c608fb0a1 2686160 python optional 
python-django_0.97~svn7534-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Raphael Hertzog

iD8DBQFIMfSdvPbGD26BadIRAqjCAJ96j6ylw5eJVk+19aC09ILlfPOw+wCeJ8/i
yZuD0L198uE5chsd3NRlaIw=
=6RJo
-----END PGP SIGNATURE-----

--- End Message ---

Bug#481164: marked as done (python-django: CVE-2008-2302 cross-site scripting vulnerability)

Reply via email to