Your message dated Tue, 30 Oct 2012 19:28:28 +0000 with message-id <[email protected]> and subject line Re: Bug#691882: unblock: python-django/1.4.2-1 has caused the Debian Bug report #691882, regarding unblock: python-django/1.4.2-1 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 691882: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691882 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock Hi, please unblock python-django 1.4.2-1. It fixes CVE-2012-4520 Cheers, Moritz unblock python-django/1.4.2-1 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---On Tue, 2012-10-30 at 18:21 +0100, Moritz Muehlenhoff wrote: > please unblock python-django 1.4.2-1. It fixes > CVE-2012-4520 It would be nicer if it could have avoided dragging a Python3 compat class in at the same time; ah well. + if set(';/?@&=+$,').intersection(host): + raise SuspiciousOperation('Invalid HTTP_HOST header: %s' % host) I do wonder if that shouldn't be a whitelist instead. Unblocked. Regards, Adam
--- End Message ---
