[ubuntu/natty-security] python-django-piston 0.2.2-1ubuntu1.11.04.1 (Accepted)

Julian Taylor jtaylor.debian at googlemail.com
Wed Nov 9 21:03:30 UTC 2011 

python-django-piston (0.2.2-1ubuntu1.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: remote code execution vulnerability. LP: #884910
    - 02-fix-yaml-load.diff: use yaml.safe_load
    - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3, patch
      thanks to Debian
    - https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
    - CVE-2011-4103

Date: Wed, 02 Nov 2011 19:18:12 +0100
Changed-By: Julian Taylor <jtaylor.debian at googlemail.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/python-django-piston/0.2.2-1ubuntu1.11.04.1
-------------- next part --------------
Format: 1.8
Date: Wed, 02 Nov 2011 19:18:12 +0100
Source: python-django-piston
Binary: python-django-piston
Architecture: source
Version: 0.2.2-1ubuntu1.11.04.1
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Julian Taylor <jtaylor.debian at googlemail.com>
Description: 
 python-django-piston - Django mini-framework creating RESTful APIs
Launchpad-Bugs-Fixed: 884910
Changes: 
 python-django-piston (0.2.2-1ubuntu1.11.04.1) natty-security; urgency=low
 .
   * SECURITY UPDATE: remote code execution vulnerability. LP: #884910
     - 02-fix-yaml-load.diff: use yaml.safe_load
     - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3, patch
       thanks to Debian
     - https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
     - CVE-2011-4103
Checksums-Sha1: 
 47a4471e253bb5079f6011c3934e1dbf95311966 2290 python-django-piston_0.2.2-1ubuntu1.11.04.1.dsc
 43181fd93c0525f71f280868252fe4f802e82a8f 4865 python-django-piston_0.2.2-1ubuntu1.11.04.1.debian.tar.gz
Checksums-Sha256: 
 5dee926552892fb76301a5a245fdba79e07b82ee985b94525dbc20658d6bf37f 2290 python-django-piston_0.2.2-1ubuntu1.11.04.1.dsc
 3f9a5650c1a77dec9fe90af6ec74720657443bc59671f4d5008cfae0d10e91ff 4865 python-django-piston_0.2.2-1ubuntu1.11.04.1.debian.tar.gz
Files: 
 558512082b5c22f77120937bc94c3bd6 2290 python optional python-django-piston_0.2.2-1ubuntu1.11.04.1.dsc
 423b109f6089a5c8cc49d588debab840 4865 python optional python-django-piston_0.2.2-1ubuntu1.11.04.1.debian.tar.gz
Original-Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>

More information about the Natty-changes mailing list