Security issue (no CVE yet)

Related Vulnerabilities: CVE-2011-4103  

Debian Bug report logs - #647315

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 1 Nov 2011 19:54:01 UTC

Severity: grave

Tags: security

Fixed in version 0.2.2-2

Done: Michael Ziegler <diese-addy@funzt-halt.net>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#647315; Package python-django-piston. (Tue, 01 Nov 2011 19:54:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Tue, 01 Nov 2011 19:54:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Security issue (no CVE yet)
Date: Tue, 01 Nov 2011 20:51:04 +0100
Package: python-django-piston
Severity: grave
Tags: security

Please see
https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>:
Bug#647315; Package python-django-piston. (Wed, 09 Nov 2011 16:03:03 GMT).


Acknowledgement sent to Jamie Strandboge <jamie@canonical.com>:
Extra info received and forwarded to list. Copy sent to Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>. (Wed, 09 Nov 2011 16:03:03 GMT).


Message #10 received at 647315@bugs.debian.org:

From: Jamie Strandboge <jamie@canonical.com>
To: 647315@bugs.debian.org
Subject: Re: Security issue (no CVE yet)
Date: Wed, 09 Nov 2011 09:59:59 -0600
FYI, this now has a CVE (CVE-2011-4103) and looks to be fixed in
0.2.2-2:

python-django-piston (0.2.2-2) unstable; urgency=low

  [ Michael Ziegler ]
  * Bump Standards Version to 3.9.2.
  * Remove reference to /usr/share/common-licenses/BSD and strip trailing
    whitespace in copyright.
  * Fix a copy-paste error in copyright.
  * Fix a security issue in the YAML emitter.
  * Disable the pickle loader due to security concerns (Closes: #646517).

  [ Luca Falavigna ]
  * Enable DM-Upload-Allowed field

Reply sent to Michael Ziegler <diese-addy@funzt-halt.net>:
You have taken responsibility. (Fri, 11 Nov 2011 21:42:19 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Fri, 11 Nov 2011 21:42:20 GMT).


Message #15 received at 647315-done@bugs.debian.org:

From: Michael Ziegler <diese-addy@funzt-halt.net>
To: 647315-done@bugs.debian.org
Subject: Re: Security issue (no CVE yet)
Date: Fri, 11 Nov 2011 22:32:43 +0100
Version: 0.2.2-2

Debian has now received Updates for Unstable, Testing and Stable that
fix this issue. Regarding the new upstream version, I will package it soon.

Greetings,
Michael




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Jan 2012 07:33:33 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:18:43 2019; Machine Name: beach
