[ubuntu/maverick-security] python-django-piston 0.2.2-1ubuntu0.2 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Wed Nov 9 21:03:34 UTC 2011


python-django-piston (0.2.2-1ubuntu0.2) maverick-security; urgency=low

  * SECURITY UPDATE: remote code execution vulnerability. LP: #884910
    - 02-fix-yaml-load.diff: use yaml.safe_load
    - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3, patch
      thanks to Debian
    - https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
    - Ubuntu patch thanks to Julian Taylor <jtaylor.debian at googlemail.com>
    - CVE-2011-4103

Date: Wed, 09 Nov 2011 10:04:28 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/python-django-piston/0.2.2-1ubuntu0.2
-------------- next part --------------
Format: 1.8
Date: Wed, 09 Nov 2011 10:04:28 -0600
Source: python-django-piston
Binary: python-django-piston
Architecture: source
Version: 0.2.2-1ubuntu0.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 python-django-piston - Django mini-framework creating RESTful APIs
Launchpad-Bugs-Fixed: 884910
Changes: 
 python-django-piston (0.2.2-1ubuntu0.2) maverick-security; urgency=low
 .
   * SECURITY UPDATE: remote code execution vulnerability. LP: #884910
     - 02-fix-yaml-load.diff: use yaml.safe_load
     - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3, patch
       thanks to Debian
     - https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
     - Ubuntu patch thanks to Julian Taylor <jtaylor.debian at googlemail.com>
     - CVE-2011-4103
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>

