Your message dated Sat, 26 Jul 2008 09:57:54 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#481164: fixed in python-django 0.95.1-1etch1
has caused the Debian Bug report #481164,
regarding python-django: CVE-2008-2302 cross-site scripting vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
481164: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481164
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: python-django
Version: 0.97~svn7189-1
Severity: grave
Tags: security
Justification: user security hole
http://www.djangoproject.com/weblog/2008/may/14/security/
Updates need to be prepared for etch, sid/lenny, and experimental.
Brett, can you take care of all this? (Also handling the few open bugs for
the sid/experimental upload would be nice)
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages python-django depends on:
ii python 2.5.2-1 An interactive high-level object-o
ii python-support 0.8.1 automated rebuilding support for P
Versions of packages python-django recommends:
ii python-pysqlite2 2.4.1-1 Python interface to SQLite 3
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 0.95.1-1etch1
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive:
python-django_0.95.1-1etch1.diff.gz
to pool/main/p/python-django/python-django_0.95.1-1etch1.diff.gz
python-django_0.95.1-1etch1.dsc
to pool/main/p/python-django/python-django_0.95.1-1etch1.dsc
python-django_0.95.1-1etch1_all.deb
to pool/main/p/python-django/python-django_0.95.1-1etch1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raphael Hertzog <[EMAIL PROTECTED]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 20 May 2008 00:40:59 +0200
Source: python-django
Binary: python-django
Architecture: source all
Version: 0.95.1-1etch1
Distribution: stable
Urgency: low
Maintainer: Brett Parker <[EMAIL PROTECTED]>
Changed-By: Raphael Hertzog <[EMAIL PROTECTED]>
Description:
python-django - A high-level Python Web framework
Closes: 481164
Changes:
python-django (0.95.1-1etch1) stable; urgency=low
.
* Add new patch debian/patches/03_xss_fix.diff. Fixes cross-site
scripting vulnerability (CVE-2008-2302). Closes: #481164
Files:
dcfc01be4549177a957d5a3503a00fd0 931 python optional
python-django_0.95.1-1etch1.dsc
c9ea4b3dfdc79ddd5f871f727c067eae 4153 python optional
python-django_0.95.1-1etch1.diff.gz
6d78e3c6767803d84bd8f9c22f56242d 1017214 python optional
python-django_0.95.1-1etch1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Raphael Hertzog
iD8DBQFIMgdyvPbGD26BadIRAkOvAJ9y6syIot3/yRl5bZNXcBX3c6/7rgCcCYnY
Mp4xFgv1GE3JmCoBc7tZPdk=
=3OvF
-----END PGP SIGNATURE-----
--- End Message ---
