Debian Bug report logs - #691145
python-django: CVE-2012-4520
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 22 Oct 2012 06:54:01 UTC
Severity: grave
Tags: security
Fixed in version python-django/1.4.2-1
Done: Raphaël Hertzog <hertzog@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Chris Lamb <lamby@debian.org>: Bug#691145; Package python-django. (Mon, 22 Oct 2012 06:54:04 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Chris Lamb <lamby@debian.org>. (Mon, 22 Oct 2012 06:54:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: python-django
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see https://www.djangoproject.com/weblog/2012/oct/17/security/
Cheers,
Moritz
Added tag(s) pending. Request was from hertzog@users.alioth.debian.org to control@bugs.debian.org. (Mon, 22 Oct 2012 08:36:03 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Chris Lamb <lamby@debian.org>: Bug#691145; Package python-django. (Mon, 22 Oct 2012 09:09:03 GMT)
Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>: Extra info received and forwarded to list. Copy sent to Chris Lamb <lamby@debian.org>. (Mon, 22 Oct 2012 09:09:03 GMT)
Message #12 received at 691145@bugs.debian.org:
Hi,
On Mon, 22 Oct 2012, Moritz Muehlenhoff wrote:
> please see https://www.djangoproject.com/weblog/2012/oct/17/security/
There's a stable update ready here:
http://people.debian.org/~hertzog/packages/python-django_1.2.3-3+squeeze4_amd64.changes
Let me know if I can upload it to security.debian.org. Thijs, feel free to
test it.
I will also shortly upload 1.4.2-1 to unstable and wheezy.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
Reply sent to Raphaël Hertzog <hertzog@debian.org>: You have taken responsibility. (Mon, 22 Oct 2012 09:51:04 GMT)
Notification sent to Moritz Muehlenhoff <jmm@inutil.org>: Bug acknowledged by developer. (Mon, 22 Oct 2012 09:51:04 GMT)
Message #17 received at 691145-close@bugs.debian.org:
Source: python-django
Source-Version: 1.4.2-1
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 691145@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raphaël Hertzog <hertzog@debian.org> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 22 Oct 2012 10:53:30 +0200
Source: python-django
Binary: python-django python-django-doc
Architecture: source all
Version: 1.4.2-1
Distribution: unstable
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Raphaël Hertzog <hertzog@debian.org>
Description:
python-django - High-level Python web development framework
python-django-doc - High-level Python web development framework (documentation)
Closes: 691145
Changes:
python-django (1.4.2-1) unstable; urgency=high
.
* New upstream security and maintenance release. Closes: #691145
Fixes: CVE-2012-4520
* Drop 01_use_stdlib_htmlparser_when_possible.diff which has been
merged upstream.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Signed by Raphael Hertzog
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 20 Nov 2012 07:26:04 GMT)
Last modified: Wed Jun 19 13:50:26 2019