[Bug 636482] Re: Update python-django to 1.2.3 version to fix an XSS vulnerability
Krzysztof Klimonda
kklimonda at syntaxhighlighted.com
Wed Sep 15 15:50:51 BST 2010
On Wed, 2010-09-15 at 14:11 +0000, Artur Rona wrote:
> Is not easier to upload a stricte patch to fix this security issue? We
> can sync new upstream release in next development cycle from Debian.
>
Easier for whom? The hard part has been figuring out how to re-enable
test suite (and make it pass without disabling tests) and it still had
to be done - it has been disabled by Debian maintainer because of
failures and running test suite at build-time has been one of
requirements made during MIR process.
I don't think we have to check a full delta between 1.2.1 and 1.2.3
releases as both are bug fix only. Django developers do a lot of work to
ensure that the concurrent releases are compatible and that's what the
tests are for anyway.
--
Sent from Ubuntu
--
Update python-django to 1.2.3 version to fix an XSS vulnerability
https://bugs.launchpad.net/bugs/636482
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.
Status in “python-django” package in Ubuntu: New
Status in “python-django” package in Debian: Unknown
Bug description:
A new vulnerability has been discovered in 1.2 branch and two new django
releases were made: 1.2.2 which fixes an xss vulnerability [1] and the
1.2.3 that fixes two regressions caused by previous release [2]. All
users are advised to update so I'm preparing an update and asking for
FFe.
[1] http://www.djangoproject.com/weblog/2010/sep/08/security-release/
[2] http://www.djangoproject.com/weblog/2010/sep/10/123/
affects ubuntu/python-django
severity high
subscribe ubuntu-release
More information about the Ubuntu-sponsors
mailing list