Your message dated Fri, 17 Aug 2012 20:40:01 +0000 with message-id <e1t2tkr-0005he...@franck.debian.org> and subject line Bug#683364: fixed in python-django 1.2.3-3+squeeze3 has caused the Debian Bug report #683364, regarding CVE-2012-3442/CVE-2012-3443/CVE-2012-3444: Django 1.3.1 and 1.4.0 security issues to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683364: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683364 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: python-django Version: 1.4-1 Severity: important Tags: security https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/ http://www.openwall.com/lists/oss-security/2012/07/31/1 http://www.openwall.com/lists/oss-security/2012/07/31/2 - Henri Salo
--- End Message ---
--- Begin Message ---Source: python-django Source-Version: 1.2.3-3+squeeze3 We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 683...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Raphaël Hertzog <hert...@debian.org> (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 02 Aug 2012 11:05:53 +0200 Source: python-django Binary: python-django python-django-doc Architecture: source all Version: 1.2.3-3+squeeze3 Distribution: stable-security Urgency: high Maintainer: Chris Lamb <la...@debian.org> Changed-By: Raphaël Hertzog <hert...@debian.org> Description: python-django - High-level Python web development framework python-django-doc - High-level Python web development framework (documentation) Closes: 683364 Changes: python-django (1.2.3-3+squeeze3) stable-security; urgency=high . * Stable security upload: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/ Fixes: CVE-2012-3442 CVE-2012-3443 CVE-2012-3444 * Apply/backport the 3 security patches: - debian/patches/16_fix_cross_site_scripting_in_authentication.diff - debian/patches/17_fix_dos_in_image_validation.diff - debian/patches/18_fix_dos_via_get_image_dimensions.diff Closes: #683364 Checksums-Sha1: db06de100f0cdc9c764d1ae90bbd7c148cae7c27 2214 python-django_1.2.3-3+squeeze3.dsc 5840c65319e6889984bb33d343778ee524811174 30059 python-django_1.2.3-3+squeeze3.debian.tar.gz 06dde38874023f139ad41a6481254b7a1a82b873 4239072 python-django_1.2.3-3+squeeze3_all.deb 2527f396d2606ae3165490215e9c9d5a0e4bc2cb 1903824 python-django-doc_1.2.3-3+squeeze3_all.deb Checksums-Sha256: be216548b799068b8604a56a0cb1b47f68db32f072bb0e4c7e5964f1bd58ac31 2214 python-django_1.2.3-3+squeeze3.dsc 39d24cf22c491fedeb978f93bca3a69e4caa15f4a73e7653a60e1c427139bff1 30059 python-django_1.2.3-3+squeeze3.debian.tar.gz 5addcb469066d34a44281fe07aec301752d860ed3571416d69c1257bcd088054 4239072 python-django_1.2.3-3+squeeze3_all.deb 09859529e501cef1b6a426b52ae0c6feb3fd8a005cbdb0b154ef4573c61734f0 1903824 python-django-doc_1.2.3-3+squeeze3_all.deb Files: db76d856e41f2afd3627bd835fbdf211 2214 python optional python-django_1.2.3-3+squeeze3.dsc 03d8d20663be27efb684d4664c5f7cd8 30059 python optional python-django_1.2.3-3+squeeze3.debian.tar.gz debd8f20a11aa5e0fabf6a6f2c3382f1 4239072 python optional python-django_1.2.3-3+squeeze3_all.deb b3e52e2447fb48ec6236b702293150f6 1903824 doc optional python-django-doc_1.2.3-3+squeeze3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Signed by Raphael Hertzog iQIcBAEBCAAGBQJQGlcxAAoJEOYZBF3yrHKaP3MQALXyByLhrIw9Vu6DYqI0AR6t OU63Y0eQ0BWIvgBhhknjrf7TpdUmQogLwn4UUCgWFamiuBXKYNXc8WoQkRlM6Qq/ jasDemsyWJ/7VmFELbW6KV2phl8ZRHx4KGi9G+p1P7GsLeIf8/oIgWVTwMwcA/Me cocZ6wiRAZLAwfkM0O7/UQ6IbXbPZvlNiWi2j39LowPSXCmkA4Za4kYVNGqoTJbT KfJAtjjThHTAZGRH8ucczmxZhv5PMy6IXVwXmNt4DenvbVy4acDbfavky88M/vN2 ReIgQEvJgtcEBNTPkAK8iDZGyK0HJElQ6nD4XuV06wc+DP0EuN7U0g2Mx50IdW9X Loj2OGpIQXncsOKPEfL2SJeg+mt36Tgofvz+Te8PI2ahMGw9vgadmK5CWvU/+pEE rGpVgYVNLkndTkMVKjObVfzFCLiJczPplLDRf3M2DlTQ+KhK7yvySoQ3udFROeCZ Ht+fDPteUFWDMQqa4awmajYGLpYkEpTcd0myOhhoz67DfrqTWhYlS09HrsJlbxUa c/mTCdvVl7ckjIie+jRmSkTxkVwIyvJBlZy9LVbTDz3+hqgK3xgmwYZgRLXiVGva WdWJFmDWO1UmvLJ2vAAkBE+9gaNzNIkn8jf3zfMNMscXhk1f2bYBFO9+YjSORJ0f qR72hm02HVrWHewU6Ywb =otkq -----END PGP SIGNATURE-----
--- End Message ---
