This bug was fixed in the package python-django-piston -
0.2.2-1ubuntu1.11.04.1
---------------
python-django-piston (0.2.2-1ubuntu1.11.04.1) natty-security; urgency=low
* SECURITY UPDATE: remote code execution vulnerability. LP: #884910
- 02-fix-yaml-load.diff: use yaml.safe_load
- 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3, patch
thanks to Debian
-
https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
- CVE-2011-4103
-- Julian Taylor <[email protected]> Wed, 02 Nov 2011 19:18:12
+0100
** Changed in: python-django-piston (Ubuntu Maverick)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/884910
Title:
Security issue (no CVE yet)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-django-piston/+bug/884910/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
