Bug#596205: marked as done (python-django: new minor release fixes CSRF bug)

Sat, 18 Sep 2010 11:48:18 -0700 

Your message dated Sat, 18 Sep 2010 18:47:14 +0000
with message-id <[email protected]>
and subject line Bug#596205: fixed in python-django 1.2.3-1
has caused the Debian Bug report #596205,
regarding python-django: new minor release fixes CSRF bug
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
596205: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596205
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: python-django
Version: 1.2.1-1
Severity: grave
Tags: security
Justification: user security hole

Hi,

the Django project released version 1.2.2, fixing a security problem in the CSRF
protection system. Details are on the Django Blog:

http://www.djangoproject.com/weblog/2010/sep/08/security-release/

Cheers, Til


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages python-django depends on:
ii  python                        2.6.5-13   interactive high-level object-orie
ii  python-support                1.0.9      automated rebuilding support for P

Versions of packages python-django recommends:
ii  libjs-jquery                  1.4.2-2    JavaScript library for dynamic web

Versions of packages python-django suggests:
pn  python-flup                  <none>      (no description available)
ii  python-mysqldb               1.2.2-10+b1 A Python interface to MySQL
pn  python-psycopg               <none>      (no description available)
pn  python-psycopg2              <none>      (no description available)
pn  python-sqlite                <none>      (no description available)
ii  python-yaml                  3.09-4      YAML parser and emitter for Python

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: python-django
Source-Version: 1.2.3-1

We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive:

python-django-doc_1.2.3-1_all.deb
  to main/p/python-django/python-django-doc_1.2.3-1_all.deb
python-django_1.2.3-1.debian.tar.gz
  to main/p/python-django/python-django_1.2.3-1.debian.tar.gz
python-django_1.2.3-1.dsc
  to main/p/python-django/python-django_1.2.3-1.dsc
python-django_1.2.3-1_all.deb
  to main/p/python-django/python-django_1.2.3-1_all.deb
python-django_1.2.3.orig.tar.gz
  to main/p/python-django/python-django_1.2.3.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphaël Hertzog <[email protected]> (supplier of updated python-django package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 18 Sep 2010 19:37:03 +0200
Source: python-django
Binary: python-django python-django-doc
Architecture: source all
Version: 1.2.3-1
Distribution: unstable
Urgency: low
Maintainer: Chris Lamb <[email protected]>
Changed-By: Raphaël Hertzog <[email protected]>
Description: 
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Closes: 596205 596893
Changes: 
 python-django (1.2.3-1) unstable; urgency=low
 .
   [ Krzysztof Klimonda ]
   * New upstream release. Closes: #596893 LP: #636482
   * Fixes both a XSS vulnerability introduced in 1.2 series and
     the regressions caused by 1.2.2 release. Closes: #596205
   * debian/control:
     - depend on language packs for en_US.utf8 locales required for unit tests.
   * debian/rules:
     - re-enable build time tests.
     - set LC_ALL to en_US.utf8 for test suite.
   * debian/patches/series:
     - two new patches: 05_fix_regression_tests.diff and
       06_fix_regression_tests.diff backported from 1.2.x branch to fix
       test suite failures.
 .
   [ Raphaël Hertzog ]
   * Update Standards-Version to 3.9.1.
   * Drop "--with quilt" and quilt build-dependency since the package is
     already using source format "3.0 (quilt)".
Checksums-Sha1: 
 cfdf33f103a13b187848c324ea3c7d264ad6eeab 1832 python-django_1.2.3-1.dsc
 f65146218ab61bf5efe715db3fc3a177a24fba0d 6306760 
python-django_1.2.3.orig.tar.gz
 a27e841806b0ff98682cb7f98224a76a1bbbd270 18340 
python-django_1.2.3-1.debian.tar.gz
 0bf8c27e74f7a37e2ce9447e25ecc0acd8ff26b5 4237148 python-django_1.2.3-1_all.deb
 02a34b60261880c4c680aa7c5a67db8d2f80dbe6 1902834 
python-django-doc_1.2.3-1_all.deb
Checksums-Sha256: 
 fd82ea525b88b252dc0767814dfd367231c2fa9c8d0ad76c366d176e686b4b22 1832 
python-django_1.2.3-1.dsc
 cb830f6038b78037647150d977f6cd5cf2bfd731f1788ecf8758a03c213a0f84 6306760 
python-django_1.2.3.orig.tar.gz
 8f09a1da216a2f9bdf39339f07bde1cdf0586aaf9a894163ca752c5bf533adc5 18340 
python-django_1.2.3-1.debian.tar.gz
 2c43858ab61a90492adce802fdc07106e56a7254d3aa15712e10bfc892fc96d3 4237148 
python-django_1.2.3-1_all.deb
 8e8056c670390078657a21ab91a06117a5691d4624c21be22d8593fd9d9af7b8 1902834 
python-django-doc_1.2.3-1_all.deb
Files: 
 b553b037febc66a719e2801101c0016a 1832 python optional python-django_1.2.3-1.dsc
 10bfb5831bcb4d3b1e6298d0e41d6603 6306760 python optional 
python-django_1.2.3.orig.tar.gz
 2a97ee5ea0b9eee82e9a985e1badf1fc 18340 python optional 
python-django_1.2.3-1.debian.tar.gz
 8064bc8f7f4f3cb50d5a9fc857e0bcd5 4237148 python optional 
python-django_1.2.3-1_all.deb
 5be6935a17c912b699259d70e09fa089 1902834 doc optional 
python-django-doc_1.2.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Signed by Raphael Hertzog

iQEcBAEBCAAGBQJMlQUeAAoJEAOIHavrwpq57XsH/3zbktrh46fTZ3/BGiJDpsde
zCgvGRc6swsm/vpDFrQ92uvGKtvrsK8u12U5rOeDR1ZDANUjxYGQolsZL3DQ2ZYU
0KU1Uq6CeFZc0kK6IVhuBdN0YW+Nq+QilnFdcCNFYTsfo/XrzH6BehzZ9srHIbub
SUEkiX95HnXnKPWl58pi7DRRitsY4zOp5oMcjt8xA/uvDhe2joiF8GxSA+xl3CFK
F4o+F9j0uRBaYtULyKJANtSOpKzZQC7rxZc31Sd03sN87cTukQ9hgV8X9HJwGSJW
gJVKxMs7kHLNwdd8AtnwTpMdLY7MQdiIvIIa42a53F6txGT2Vp5lCu1/uJIG4l8=
=wHiu
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to