Your message dated Sat, 29 Oct 2011 19:53:26 +0000
with message-id <e1rkey6-0004bs...@franck.debian.org>
and subject line Bug#641405: fixed in python-django 1.2.3-3+squeeze2
has caused the Debian Bug report #641405,
regarding several Django security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
641405: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641405
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-django
Severity: serious
Tags: security
Hi,
Several security issues were announced in Django:
https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
and a regression fix was later posted:
https://www.djangoproject.com/weblog/2011/sep/10/127/
Can you please ensure that unstable is fixed for these issues, and analyse
whether updates to stable and oldstable security are necessary?
CVE id's are not assigned yet at this point, but there's no need to wait
for them to continue.
Thanks,
Thijs
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 1.2.3-3+squeeze2
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive:
python-django-doc_1.2.3-3+squeeze2_all.deb
to main/p/python-django/python-django-doc_1.2.3-3+squeeze2_all.deb
python-django_1.2.3-3+squeeze2.debian.tar.gz
to main/p/python-django/python-django_1.2.3-3+squeeze2.debian.tar.gz
python-django_1.2.3-3+squeeze2.dsc
to main/p/python-django/python-django_1.2.3-3+squeeze2.dsc
python-django_1.2.3-3+squeeze2_all.deb
to main/p/python-django/python-django_1.2.3-3+squeeze2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 641...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raphaël Hertzog <hert...@debian.org> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 06 Oct 2011 12:20:30 +0200
Source: python-django
Binary: python-django python-django-doc
Architecture: source all
Version: 1.2.3-3+squeeze2
Distribution: stable-security
Urgency: low
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Raphaël Hertzog <hert...@debian.org>
Description:
python-django - High-level Python web development framework
python-django-doc - High-level Python web development framework (documentation)
Closes: 641405
Changes:
python-django (1.2.3-3+squeeze2) stable-security; urgency=low
.
* Stable security upload:
https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
* Apply/backport the 3 security patches:
- debian/patches/13_fix_safety_issue_with_session_data.diff
- debian/patches/14_fix_dos_with_urlfield.diff
- debian/patches/15_fix_spoofing_issue_with_x_forwarded_host.diff
Closes: #641405
Checksums-Sha1:
e8b728de85d334e7fd6e0f853ffceeceaab76767 2214
python-django_1.2.3-3+squeeze2.dsc
545ac4cbf8c0dd4d5e7d41112784817b4bd5505b 28403
python-django_1.2.3-3+squeeze2.debian.tar.gz
60968834b55e4a8b5bd7c86d523568f7e1c9a4b0 4239356
python-django_1.2.3-3+squeeze2_all.deb
1d4a77872b38562e17ab75177f7de92e6f77ea08 1903840
python-django-doc_1.2.3-3+squeeze2_all.deb
Checksums-Sha256:
56a3c3b6f6aa28f25b87ab207eb7a750a6777eaed6e64e3fbc7379f636731418 2214
python-django_1.2.3-3+squeeze2.dsc
88daa2ce089effd2f7ed1eceae948f83baaf76fce735f0612192ed6ed166e848 28403
python-django_1.2.3-3+squeeze2.debian.tar.gz
cb483197afe9f2ac40a847b77754d3cc2f2ba8663a19a53e664b1ef4626b1f03 4239356
python-django_1.2.3-3+squeeze2_all.deb
536d2671884ee1a6736a6d8d6e26839cc3125d129d045e554700c1521a40fa13 1903840
python-django-doc_1.2.3-3+squeeze2_all.deb
Files:
f22de39ad2b31db364683028e21aac67 2214 python optional
python-django_1.2.3-3+squeeze2.dsc
b9c5b0981589d83ce0a6ba6924181651 28403 python optional
python-django_1.2.3-3+squeeze2.debian.tar.gz
07f1df0d4abbfffb2db5b23e84c0d623 4239356 python optional
python-django_1.2.3-3+squeeze2_all.deb
1ba01f825a03e42ac896999507b25117 1903840 doc optional
python-django-doc_1.2.3-3+squeeze2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Signed by Raphael Hertzog
iQIcBAEBCAAGBQJOlTmjAAoJEOYZBF3yrHKa8RkP/27HydJ4d3VLWDQxUehRnIDm
a1D4tHn4H8iUBKEG9SnCAwSnMnUtxLdO7MsDgCNmDHca2UeXmpJTFLzZEzG3ziTf
2vnqp0WD2z2MiVJ/lHMMSw09x/8M/ivOE+aDKyxfQhXX/mqk19kOP1n4mltsLjbA
AxOoRWHR+shCVULzt+mkMgm9eg1SfEYNZclfkN4tggBPqf9UPtD8yKjNpYM5P3tK
JhkKLIB92jz2IEjf2dRuRnPEdJdDm1dYRccHyx4CwBqYU9PetDHY9W8LFZ8eMe+u
5m/8EQ4NGcwrNfTf709ekL4oe72joDiPtTPgXh2jJiX5BswRh8v6uqYqz/98LQzh
dQKaPDtFbB5Y6rzOmiez2u9PDitwzRQaEFdmPfGKYicLqz29yq5yn7MsUvqvD1VS
BzSGBnYiNfnNyxtpP4hMIIQf8Sh9m3IAZmHn/DgdAN4zbWc1Y7l/nt1G8Jquggj+
aBv1gQv+NsfP2MVUijKgJnPkPNnajrLepKsc9+DoImsgKD2sh967FkmJlR/bfwb3
3C4I0IFzxKnRlfDvAdrJbAERs4quDrOcEZ/LjYPnIaAX2REILti/pkt9CK0GtY9j
mq9pljk30FQLHjkZE2Ai4VKZ/fbit57zb7YN1qhtDZnndtS3kYfWIX9Ifp/8K1tU
QQ+OAodTP1swbwYsmwDJ
=IgkH
-----END PGP SIGNATURE-----
--- End Message ---
