[Bug 636482] Re: Update python-django to 1.2.3 version to fix an XSS vulnerability
Krzysztof Klimonda
kklimonda at syntaxhighlighted.com
Mon Oct 4 19:59:10 BST 2010
Not until release of 1.2.3-2 with a patch removing test mentioned by Kai
Kasurinen is applied. Unless DDs decide not to apply the patch and wait
for the next point release. I've opened a new bug about it on the debian
BTS but, given a time frame, we may be better with updating it
ourselves. The 1.2.3-1 release is basically what I've sent to Debian
Maintainers and is a base for their update. The diff between
1.2.3-0ubuntu1 and 1.2.3-1 is a cosmetic one. Attached below.
** Changed in: python-django (Ubuntu)
Status: Incomplete => New
--
Update python-django to 1.2.3 version to fix an XSS vulnerability
https://bugs.launchpad.net/bugs/636482
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.
Status in “python-django” package in Ubuntu: New
Status in “python-django” package in Debian: Unknown
Bug description:
A new vulnerability has been discovered in 1.2 branch and two new django
releases were made: 1.2.2 which fixes an xss vulnerability [1] and the
1.2.3 that fixes two regressions caused by previous release [2]. All
users are advised to update so I'm preparing an update and asking for
FFe.
[1] http://www.djangoproject.com/weblog/2010/sep/08/security-release/
[2] http://www.djangoproject.com/weblog/2010/sep/10/123/
affects ubuntu/python-django
severity high
subscribe ubuntu-release
More information about the Ubuntu-sponsors
mailing list