[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

Launchpad Bug Tracker Thu, 15 Nov 2012 15:25:53 -0800

This bug was fixed in the package python-django - 1.3.1-4ubuntu1.3

---------------
python-django (1.3.1-4ubuntu1.3) precise-security; urgency=low


  * SECURITY UPDATE: fix Host header poisoning
    - debian/patches/CVE-2012-4520.diff: adjust HttpRequest.get_host() to
      raise django.core.exceptions.SuspiciousOperation if Host headers contain
      potentially dangerous content. Patch thanks to Mackenzie Morgan.
    - CVE-2012-4520
    - LP: #1068486
 -- Jamie Strandboge <[email protected]>   Fri, 09 Nov 2012 15:56:15 -0600

** Changed in: python-django (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** Changed in: python-django (Ubuntu Quantal)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1068486

Title:
  Please backport Django 1.3.4/1.4.2 security updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1068486/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

Reply via email to