Thanks for your patches! A few notes: CVE-2011-4103 has been assigned to this issue, so I added it to the changelogs.
The maverick debdiff did not apply because the UDD tree you pulled from did not include the changes made to the maverick-updates package. I have applied your changes and created a new package for maverick-security. The oneiric and natty patches number the patches you added to debian/patches, but they aren't applied in numerical order in the series file. I have adjusted this. 03-fix-pickle-load.diff doesn't list an upstream commit in the DEP-3, and it looks to be an exact patch of what came from Debian. I have added 'patch thanks to Debian' to the changelog. I fixed some trailing whitespace and non-standard indentation in the changelogs. With the above changes, I have uploaded updated source packages to the security PPA and will push out once they are built. Thanks again. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-4103 ** Changed in: python-django-piston (Ubuntu Maverick) Status: Confirmed => Fix Committed ** Changed in: python-django-piston (Ubuntu Natty) Status: Confirmed => Fix Committed ** Changed in: python-django-piston (Ubuntu Oneiric) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/884910 Title: Security issue (no CVE yet) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-django-piston/+bug/884910/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
