This bug was fixed in the package python-django - 1.1.1-1ubuntu1
---------------
python-django (1.1.1-1ubuntu1) karmic; urgency=low
* Merge python-django 1.1.1-1 from debian unstable (LP: #447617)
for security and bug fixes, all Ubuntu changes merged by Debian.
* Add to debian/patches:
- 20_python2.6.3_regression.patch - backported upstream commit 11620
to make Django work with Python 2.6.3 properly. (LP: #445639)
python-django (1.1.1-1) unstable; urgency=high
* New upstream security release - fixes pathological regular expression
backtracking performance in URL and email fields which can be used as part
of a denial of service attack.
* Set Maintainer: to myself with thanks to Brett Parker.
* Bump versioned build dependency on quilt to help backporters.
(Closes: #547955)
python-django (1.1-4) unstable; urgency=low
* Sourceful upload to drop dependency on Python 2.4.
python-django (1.1-3) unstable; urgency=low
* Disable regression tests that require an internet connection. Patch by
Krzysztof Klimonda <kklimo...@syntaxhighlighted.com>. (Closes: #542996)
* Bump Standards-Version to 3.8.3.
-- Krzysztof Klimonda <kklimo...@syntaxhighlighted.com> Mon, 12 Oct
2009 19:22:16 +0200
** Changed in: python-django (Ubuntu Karmic)
Status: Fix Committed => Fix Released
--
DoS attack on Django 1.0.x and 1.1.x disclosed
https://bugs.launchpad.net/bugs/447617
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
