[ubuntu/natty-security] python-django-piston 0.2.2-1ubuntu1.11.04.1 (Accepted)

Wed, 09 Nov 2011 13:03:37 -0800 

python-django-piston (0.2.2-1ubuntu1.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: remote code execution vulnerability. LP: #884910
    - 02-fix-yaml-load.diff: use yaml.safe_load
    - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3, patch
      thanks to Debian
    - 
https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
    - CVE-2011-4103

Date: Wed, 02 Nov 2011 19:18:12 +0100
Changed-By: Julian Taylor <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/natty/+source/python-django-piston/0.2.2-1ubuntu1.11.04.1

Format: 1.8
Date: Wed, 02 Nov 2011 19:18:12 +0100
Source: python-django-piston
Binary: python-django-piston
Architecture: source
Version: 0.2.2-1ubuntu1.11.04.1
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Julian Taylor <[email protected]>
Description: 
 python-django-piston - Django mini-framework creating RESTful APIs
Launchpad-Bugs-Fixed: 884910
Changes: 
 python-django-piston (0.2.2-1ubuntu1.11.04.1) natty-security; urgency=low
 .
   * SECURITY UPDATE: remote code execution vulnerability. LP: #884910
     - 02-fix-yaml-load.diff: use yaml.safe_load
     - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3, patch
       thanks to Debian
     - 
https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
     - CVE-2011-4103
Checksums-Sha1: 
 47a4471e253bb5079f6011c3934e1dbf95311966 2290 
python-django-piston_0.2.2-1ubuntu1.11.04.1.dsc
 43181fd93c0525f71f280868252fe4f802e82a8f 4865 
python-django-piston_0.2.2-1ubuntu1.11.04.1.debian.tar.gz
Checksums-Sha256: 
 5dee926552892fb76301a5a245fdba79e07b82ee985b94525dbc20658d6bf37f 2290 
python-django-piston_0.2.2-1ubuntu1.11.04.1.dsc
 3f9a5650c1a77dec9fe90af6ec74720657443bc59671f4d5008cfae0d10e91ff 4865 
python-django-piston_0.2.2-1ubuntu1.11.04.1.debian.tar.gz
Files: 
 558512082b5c22f77120937bc94c3bd6 2290 python optional 
python-django-piston_0.2.2-1ubuntu1.11.04.1.dsc
 423b109f6089a5c8cc49d588debab840 4865 python optional 
python-django-piston_0.2.2-1ubuntu1.11.04.1.debian.tar.gz
Original-Maintainer: Debian Python Modules Team 
<[email protected]>

-- 
Natty-changes mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/natty-changes

Reply via email to