This bug was fixed in the package python-django - 1.4.1-2ubuntu0.1
---------------
python-django (1.4.1-2ubuntu0.1) quantal-security; urgency=low
* SECURITY UPDATE: fix Host header poisoning
- debian/patches/CVE-2012-4520.diff: adjust HttpRequest.get_host() to
raise django.core.exceptions.SuspiciousOperation if Host headers contain
potentially dangerous content. Patch thanks to Mackenzie Morgan.
- CVE-2012-4520
- LP: #1068486
* debian/patches/docs-update-httponly-cookie.diff: update documentation of
HttpOnly cookie option to correctly describe changes to 1.4
-- Jamie Strandboge <[email protected]> Fri, 09 Nov 2012 15:53:27 -0600
** Changed in: python-django (Ubuntu Oneiric)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1068486
Title:
Please backport Django 1.3.4/1.4.2 security updates
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1068486/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
