Debian Bug report logs - #647315
Security issue (no CVE yet)
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 1 Nov 2011 19:54:01 UTC
Severity: grave
Tags: security
Fixed in version 0.2.2-2
Done: Michael Ziegler <diese-addy@funzt-halt.net>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>: Bug#647315; Package python-django-piston. (Tue, 01 Nov 2011 19:54:04 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Tue, 01 Nov 2011 19:54:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: python-django-piston
Severity: grave
Tags: security
Please see
https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
Cheers,
Moritz
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>: Bug#647315; Package python-django-piston. (Wed, 09 Nov 2011 16:03:03 GMT)
Acknowledgement sent to Jamie Strandboge <jamie@canonical.com>: Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Wed, 09 Nov 2011 16:03:03 GMT)
Message #10 received at 647315@bugs.debian.org:
FYI, this now has a CVE (CVE-2011-4103) and looks to be fixed in
0.2.2-2:

python-django-piston (0.2.2-2) unstable; urgency=low

  [ Michael Ziegler ]
  * Bump Standards Version to 3.9.2.
  * Remove reference to /usr/share/common-licenses/BSD and strip trailing
    whitespace in copyright.
  * Fix a copy-paste error in copyright.
  * Fix a security issue in the YAML emitter.
  * Disable the pickle loader due to security concerns (Closes: #646517).

  [ Luca Falavigna ]
  * Enable DM-Upload-Allowed field
Reply sent to Michael Ziegler <diese-addy@funzt-halt.net>: You have taken responsibility. (Fri, 11 Nov 2011 21:42:19 GMT)
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer. (Fri, 11 Nov 2011 21:42:20 GMT)
Message #15 received at 647315-done@bugs.debian.org:
Version: 0.2.2-2
Debian has now received Updates for Unstable, Testing and Stable that
fix this issue. Regarding the new upstream version, I will package it soon.
Greetings,
Michael
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Jan 2012 07:33:33 GMT)
Last modified: Wed Jun 19 14:18:43 2019