Your message dated Sat, 02 Mar 2013 19:02:07 +0000 with message-id <e1ubrh9-0004fy...@franck.debian.org> and subject line Bug#701186: fixed in python-django 1.2.3-3+squeeze5 has caused the Debian Bug report #701186, regarding python-django: CVE-2013-0305 CVE-2013-0306 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 701186: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701186 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: python-django Severity: grave Tags: security Justification: user security hole Please see https://www.djangoproject.com/weblog/2013/feb/19/security/ Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: python-django Source-Version: 1.2.3-3+squeeze5 We believe that the bug you reported is fixed in the latest version of python-django, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 701...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Raphaël Hertzog <hert...@debian.org> (supplier of updated python-django package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 24 Feb 2013 16:08:14 +0100 Source: python-django Binary: python-django python-django-doc Architecture: source all Version: 1.2.3-3+squeeze5 Distribution: stable-security Urgency: high Maintainer: Chris Lamb <la...@debian.org> Changed-By: Raphaël Hertzog <hert...@debian.org> Description: python-django - High-level Python web development framework python-django-doc - High-level Python web development framework (documentation) Closes: 696535 701186 Changes: python-django (1.2.3-3+squeeze5) stable-security; urgency=high . * Stable security upload: https://www.djangoproject.com/weblog/2013/feb/19/security/ https://www.djangoproject.com/weblog/2012/dec/10/security/ Fixes mulptiple security issues: - Further fixes for Host header poisoning. CVE-2012-4520 - XML attacks via entity expansion. CVE-2013-1665 - Data leakage via admin history log. CVE-2013-0305 - Formset denial-of-service. CVE-2013-0306 - Redirect poisoning. * Backport all the upstream security patches: - debian/patches/20_fix_get_host.diff - debian/patches/21_fix_redirect_poisoning.diff - debian/patches/22_add_allowed_hosts.diff - debian/patches/23_restrict_xml_deserializer.diff - debian/patches/24_check_perms_admin_history_view.diff - debian/patches/25_limit_number_of_forms_in_formset.diff Closes: #701186, #696535 Checksums-Sha1: a4f42ef815b135dbf1042f716176ca5a57616db6 2214 python-django_1.2.3-3+squeeze5.dsc 640f68aede24ba2a551b8df250b95c433529c59c 42360 python-django_1.2.3-3+squeeze5.debian.tar.gz 563c0bc0f7db517eacce9eea950224d86ae46fa0 4221694 python-django_1.2.3-3+squeeze5_all.deb 27280ed48bfbecabcf11cfae907a82f2e402dbc0 1894256 python-django-doc_1.2.3-3+squeeze5_all.deb Checksums-Sha256: 687331ff1b155d173c9a6c2b007de511e82d33037f10d42bb0c1e07a5f073f45 2214 python-django_1.2.3-3+squeeze5.dsc 48141b4a6dd8658a70c38cc121150c6820a4e94f300780811345c9ea122f9745 42360 python-django_1.2.3-3+squeeze5.debian.tar.gz 051594c912a37a83b6ade6cf7d2220b384e43948f9ee1c9da9d91d00fbf31d64 4221694 python-django_1.2.3-3+squeeze5_all.deb 9a53b14aa03ad16ac22e942c2ae7dd8f47d59d210bdf3855342efbcee9adeaf9 1894256 python-django-doc_1.2.3-3+squeeze5_all.deb Files: b05ebf26e797b17186d01f1ec5949a69 2214 python optional python-django_1.2.3-3+squeeze5.dsc 9abd6f6c22823b72b7dcc19895191d14 42360 python optional python-django_1.2.3-3+squeeze5.debian.tar.gz 266ee387a3f40ec3c5fa9c4e48d62974 4221694 python optional python-django_1.2.3-3+squeeze5_all.deb 17781f4fff60bf76d08397c7375fa75b 1894256 doc optional python-django-doc_1.2.3-3+squeeze5_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Signed by Raphael Hertzog iQIcBAEBCAAGBQJRK4EXAAoJEOYZBF3yrHKa1mkQAKbdZUNP+Ih0RObcytq16vHO m0MnHrEs9d99tx/iwWoBayiOshy01G75bNNsKQkStarz3OrHssJs313hhn7mxVua CfCpLCVRzwEDNmUMqITvogkKBsdH8/l6smrKdc1yo4iC36wELi0h6P+8KTy4rKXF e1mBzkrHPySODUngve1nMGr5nlcB48/lVUKLpWzfzI58OkqEvVurm7Pc7sQJtTTl TkRgiw7yUpSADGHM/fRa+jklOPo2/jBM4HRHvvL0mHJcwIOeXu0WaLpsJoTjZ89o L/nZukdaFLrrzPROaOCekS1w2X5thNEbCx9pJ6890o5COuu3AsGhIjQSyKuSMVmN 930xjI+vWOP6MCb1bfIYiOklwvggMULQ73a0hwUEcSIFCSf7Ruh0j/AhQSLjQTqp RH+sMVSulGrkwf5xaDBkdvNvTEs0eLDLI+g+BB21QH1lNv7MU2TAbV8xhVAYgx2m DDTVP7Dmqc1PYKFVYkvvxGIpFd+pBh/jeEn9vP31428zxpm5IzHOFbvuXM5xg7dX lvEq7lfyaIgsJ0RHIiVOZVzLmOxj3SN3axBnuwuGEguItgqhD72D651c6K3cwJpT KZllCGqb5PWOLZD61sAjtdJFE08poXxtCp+yTmyK4cnWv8x6Kha32cOjIJ4jFUbE hOL0gWmUOAcaIesB0aAr =+KTN -----END PGP SIGNATURE-----
--- End Message ---
