[Bug 636482] Re: Update python-django to 1.2.3 version to fix an XSS vulnerability

Launchpad Bug Tracker 636482 at bugs.launchpad.net
Wed Oct 13 22:03:54 BST 2010


This bug was fixed in the package python-django - 1.2.3-1ubuntu0.1

---------------
python-django (1.2.3-1ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: XSS in CSRF protections. New upstream release
    - CVE-2010-3082
  * debian/patches/01_disable_url_verify_regression_tests.diff:
    - updated to disable another test that fails without internet connection
    - patch based on work by Kai Kasurinen and Krzysztof Klimonda
  * debian/control: don't Build-Depends on locales-all, which doesn't exist
    in maverick

python-django (1.2.3-1) unstable; urgency=low

  [ Krzysztof Klimonda ]
  * New upstream release. Closes: #596893 LP: #636482
  * Fixes both an XSS vulnerability introduced in 1.2 series and
    the regressions caused by 1.2.2 release. Closes: #596205
  * debian/control:
    - depend on language packs for en_US.utf8 locales required for unit tests.
  * debian/rules:
    - re-enable build time tests.
    - set LC_ALL to en_US.utf8 for test suite.
  * debian/patches/series:
    - two new patches: 05_fix_regression_tests.diff and
      06_fix_regression_tests.diff backported from 1.2.x branch to fix
      test suite failures.

  [ Raphaël Hertzog ]
  * Update Standards-Version to 3.9.1.
  * Drop "--with quilt" and quilt build-dependency since the package is
    already using source format "3.0 (quilt)".
 -- Jamie Strandboge <jamie at ubuntu.com>   Tue, 12 Oct 2010 11:34:35 -0500

** Changed in: python-django (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
Update python-django to 1.2.3 version to fix an XSS vulnerability
https://bugs.launchpad.net/bugs/636482

Status in “python-django” package in Ubuntu: Fix Released
Status in “python-django” package in Debian: Fix Released

Bug description:
A new vulnerability has been discovered in the 1.2 branch and two new Django
releases were made: 1.2.2, which fixes an XSS vulnerability [1], and
1.2.3, which fixes two regressions caused by the previous release [2]. All
users are advised to update, so I'm preparing an update and asking for an
FFe.

[1] http://www.djangoproject.com/weblog/2010/sep/08/security-release/
[2] http://www.djangoproject.com/weblog/2010/sep/10/123/

 affects ubuntu/python-django
 severity high
 subscribe ubuntu-release
