This bug was fixed in the package python-django-piston - 0.2.2-1ubuntu0.2

---------------
python-django-piston (0.2.2-1ubuntu0.2) maverick-security; urgency=low

  * SECURITY UPDATE: remote code execution vulnerability. LP: #884910
    - 02-fix-yaml-load.diff: use yaml.safe_load
    - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3, patch
      thanks to Debian
    - https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
    - Ubuntu patch thanks to Julian Taylor <[email protected]>
    - CVE-2011-4103
 -- Jamie Strandboge <[email protected]>   Wed, 09 Nov 2011 10:04:28 -0600

https://bugs.launchpad.net/bugs/884910

Title:
  Security issue (no CVE yet)
