Package: python-django
Version: 0.95-3
Severity: grave
Tags: security

The announcement at
<http://www.djangoproject.com/weblog/2007/jan/21/0951/> includes links
to the diffs for each changeset.

Fixes include:

* A patch for a small security vulnerability in the script
  Django's internationalization system uses to compile translation
  files (changeset 4360 in the "0.95-bugfixes" branch).
* A fix for a bug in Django's authentication middleware which
  could cause apparent "caching" of a logged-in user (changeset
  4361).
* A patch which disables debugging mode in the flup FastCGI
  package Django uses to launch its FastCGI server, which prevents
  tracebacks from bubbling up during production use (changeset
  4363).

The second fix should definitely be fixed for Etch. The first probably
only warrants 'important' severity, and the same might be said for the
third, although the tracebacks that are displayed may disclose sensitive
information to an attacker.

--
Sam Morris
[EMAIL PROTECTED]
http://robots.org.uk/