Bug#701186: marked as done (python-django: CVE-2013-0305 CVE-2013-0306)

[Debian Bug Tracking System]

Your message dated Sat, 23 Feb 2013 14:47:56 +0000
with message-id <e1u9gok-00078e...@franck.debian.org>
and subject line Bug#701186: fixed in python-django 1.4.4-1
has caused the Debian Bug report #701186,
regarding python-django: CVE-2013-0305  CVE-2013-0306
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
701186: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701186
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: python-django
Severity: grave
Tags: security
Justification: user security hole

Please see
https://www.djangoproject.com/weblog/2013/feb/19/security/

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: python-django
Source-Version: 1.4.4-1

We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 701...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphaël Hertzog <hert...@debian.org> (supplier of updated python-django package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 23 Feb 2013 09:33:13 +0100
Source: python-django
Binary: python-django python-django-doc
Architecture: source all
Version: 1.4.4-1
Distribution: unstable
Urgency: low
Maintainer: Chris Lamb <la...@debian.org>
Changed-By: Raphaël Hertzog <hert...@debian.org>
Description: 
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Closes: 700483 701186
Changes: 
 python-django (1.4.4-1) unstable; urgency=low
 .
   * New upstream security and maintenance release. Closes: #701186
     https://www.djangoproject.com/weblog/2013/feb/19/security/
     Fixes mulptiple security issues:
     - Further fixes for Host header poisoning. CVE-2012-4520
     - XML attacks via entity expansion. CVE-2013-1665
     - Data leakage via admin history log. CVE-2013-0305
     - Formset denial-of-service. CVE-2013-0306
   * Add gettext to Suggests since it's required for django-admin
     compilemessages / makemessages. Closes: #700483
Checksums-Sha1: 
 38fb931786fa14eb9b8fc4e2ea7aa1aa6b2f72f9 2227 python-django_1.4.4-1.dsc
 7f4da833006b58929cbfd4ba5d11e6448c5846fc 7740176 
python-django_1.4.4.orig.tar.gz
 bcba0843b0e759edbf53838598c0546a615de43e 19856 
python-django_1.4.4-1.debian.tar.gz
 f4baec47dc0ee3fc78722a96cff70941c1043e72 5367026 python-django_1.4.4-1_all.deb
 3a73fffad101a64299b68070dd2d24b1462b69f7 2431524 
python-django-doc_1.4.4-1_all.deb
Checksums-Sha256: 
 965bb364e75a2c7539fb1756395eda84b5bf1899c0831c03cf01921c44af8e31 2227 
python-django_1.4.4-1.dsc
 0dd9fa4f0dfc4f64eedecc82bde8dfe15a0a420ceeb11ca1ed050f1742b57077 7740176 
python-django_1.4.4.orig.tar.gz
 3fe8425e9b489aeae12bc7ad4f6b25a2dd5551fc0c33692e42794096ef8809fa 19856 
python-django_1.4.4-1.debian.tar.gz
 c9bc1cbb5d8234918e842e2000b0d84be0d63549df27460da6de980f4e27feaa 5367026 
python-django_1.4.4-1_all.deb
 ceaa8cec41e224039d7eea4d5a1cf33e6de5ac03b8cb694cafe8067831eba01a 2431524 
python-django-doc_1.4.4-1_all.deb
Files: 
 0142dbfd3d85bcf71d3494119aec1ced 2227 python optional python-django_1.4.4-1.dsc
 833f531479948201f0f0a3b5b5972565 7740176 python optional 
python-django_1.4.4.orig.tar.gz
 4be82335fca9d168cf8dfae83a86c8eb 19856 python optional 
python-django_1.4.4-1.debian.tar.gz
 c76fbe5c855aed2b1e91ac215656b8c9 5367026 python optional 
python-django_1.4.4-1_all.deb
 2dcdbf7a234192ffe1a4b6da5159d617 2431524 doc optional 
python-django-doc_1.4.4-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Signed by Raphael Hertzog

iQIcBAEBCAAGBQJRKMeeAAoJEOYZBF3yrHKadeEQANA3jY2r1XgPQo+VfBI8h7eV
sZs0rSPvmvqgTV3PBrMwst0qyB/I2O8f+Swz0XwcX5P/0MS96uCeqwYDRn2wcC0I
a9BToRXOQKTKKMhJyu/pPWxAp930RnwObfotc1X8x7Pq2FD0Qkprqe+D85pI6xDJ
cUj9xyint4FZJEOjcFT7wP8UgckPaTb7+7gnlTfSkVD4JjKjhhkX8JsuD1lRjJwi
HzulXKeTLHmEe6uYKZj8a0Yt9x9bgpdgkN1rknO4NVyGbFRSuoawxxrDz5ylmTbe
eIqMrwqrovsH1vVgCIA+Icn5iwhZp/JsMpphpBIYsgNrLo9KydmqXthc+x9KkBCW
a9jYDae00Im0PYjgoSK7wU7zLq8dmPtqvCY5xhlVkk2RgALzPMjl7V/yzRKEQEDe
Qct9QRKrsqrhgC1C0Axu/p0/OCiLRCQz53CwJneXzEQfS5zJ+lt3VhSIF4ZlWMlr
0beD/vxLr0W0BVMeGTmBukjqeM6Oc2e86HUqV4FvqC9LEP8zX7UKHJ1JMZhlePcQ
S+c+BGbW9gebV/3YcFHYAZQszUL0VnMschE9MT3+SMpyH4J53ejkP6hocfZFpHV3
Y7VM01lRmJqu+jYtrb4RD6vqf9YAJaUaBsR5NnLVPw0Er6mceMKUjQ1m+hx7Eu+A
hHqXsFYUWejwWF12zkJ4
=XsQO
-----END PGP SIGNATURE-----

--- End Message ---