Debian Bug report logs - #691145
python-django: CVE-2012-4520

version graph

Package: python-django; Maintainer for python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-django is src:python-django.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 22 Oct 2012 06:54:01 UTC

Severity: grave

Tags: security

Fixed in version python-django/1.4.2-1

Done: Raphaël Hertzog <hertzog@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Chris Lamb <lamby@debian.org>:
Bug#691145; Package python-django. (Mon, 22 Oct 2012 06:54:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Chris Lamb <lamby@debian.org>. (Mon, 22 Oct 2012 06:54:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python-django: CVE-2012-4520
Date: Mon, 22 Oct 2012 08:49:39 +0200
Package: python-django
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see https://www.djangoproject.com/weblog/2012/oct/17/security/

Cheers,
        Moritz



Added tag(s) pending. Request was from hertzog@users.alioth.debian.org to control@bugs.debian.org. (Mon, 22 Oct 2012 08:36:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Chris Lamb <lamby@debian.org>:
Bug#691145; Package python-django. (Mon, 22 Oct 2012 09:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Chris Lamb <lamby@debian.org>. (Mon, 22 Oct 2012 09:09:03 GMT) Full text and rfc822 format available.

Message #12 received at 691145@bugs.debian.org (full text, mbox):

From: Raphael Hertzog <hertzog@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 691145@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#691145: python-django: CVE-2012-4520
Date: Mon, 22 Oct 2012 11:06:58 +0200
Hi,

On Mon, 22 Oct 2012, Moritz Muehlenhoff wrote:
> please see https://www.djangoproject.com/weblog/2012/oct/17/security/

There's a stable update ready here:
http://people.debian.org/~hertzog/packages/python-django_1.2.3-3+squeeze4_amd64.changes

Let me know if I can upload it to security.debian.org. Thijs, feel free to
test it.

I will also shorty upload 1.4.2-1 to unstable and wheezy.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/



Reply sent to Raphaël Hertzog <hertzog@debian.org>:
You have taken responsibility. (Mon, 22 Oct 2012 09:51:04 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Mon, 22 Oct 2012 09:51:04 GMT) Full text and rfc822 format available.

Message #17 received at 691145-close@bugs.debian.org (full text, mbox):

From: Raphaël Hertzog <hertzog@debian.org>
To: 691145-close@bugs.debian.org
Subject: Bug#691145: fixed in python-django 1.4.2-1
Date: Mon, 22 Oct 2012 09:48:31 +0000
Source: python-django
Source-Version: 1.4.2-1

We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 691145@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphaël Hertzog <hertzog@debian.org> (supplier of updated python-django package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 22 Oct 2012 10:53:30 +0200
Source: python-django
Binary: python-django python-django-doc
Architecture: source all
Version: 1.4.2-1
Distribution: unstable
Urgency: high
Maintainer: Chris Lamb <lamby@debian.org>
Changed-By: Raphaël Hertzog <hertzog@debian.org>
Description: 
 python-django - High-level Python web development framework
 python-django-doc - High-level Python web development framework (documentation)
Closes: 691145
Changes: 
 python-django (1.4.2-1) unstable; urgency=high
 .
   * New upstream security and maintenance release. Closes: #691145
     Fixes: CVE-2012-4520
   * Drop 01_use_stdlib_htmlparser_when_possible.diff which has been
     merged upstream.
Checksums-Sha1: 
 41b8407c9de3c4fe4142c5c237d1c69af9a2c7c4 2227 python-django_1.4.2-1.dsc
 ccee9f589b819545f9d71d4aee2c2322e5cc2fd6 7722026 python-django_1.4.2.orig.tar.gz
 7540f905ad89bb27e1967f0da6388f758bbd8121 19606 python-django_1.4.2-1.debian.tar.gz
 ea5b071f8d1a23dcce75394ca05faf2eb54c0523 5363578 python-django_1.4.2-1_all.deb
 ca5de9b54112a67e62125cf8fac4677bdb598f87 2421354 python-django-doc_1.4.2-1_all.deb
Checksums-Sha256: 
 88b928e62a8dae16dd06881703b43715565f77eb15263e4a61a280373574376d 2227 python-django_1.4.2-1.dsc
 edfd8733f45bbaa524cee25bcac3080ce28c21242c27227464eae3fa6b3d80e7 7722026 python-django_1.4.2.orig.tar.gz
 c24cbe93ae7a611551004c028982c4cfcd5d3e566d9657f483cec2e2b08ae666 19606 python-django_1.4.2-1.debian.tar.gz
 d6b31a39373f6889486953e3473104bec54651eabc5488bf453866397281df94 5363578 python-django_1.4.2-1_all.deb
 216554ba06bed2a44ffa7c67f0fdf7f2dea7a750c435912b8d8186268924e534 2421354 python-django-doc_1.4.2-1_all.deb
Files: 
 ef02ce2ceb17fd28edb272380e741fe3 2227 python optional python-django_1.4.2-1.dsc
 6ffecdc01ad360e1abdca1015ae0893a 7722026 python optional python-django_1.4.2.orig.tar.gz
 caf8f606a60064b092260004f76dc9d6 19606 python optional python-django_1.4.2-1.debian.tar.gz
 dee2bda5a8ba0893f1d87a63e30de64d 5363578 python optional python-django_1.4.2-1_all.deb
 9d2faebaf1730d78419b6c168a028937 2421354 doc optional python-django-doc_1.4.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Signed by Raphael Hertzog

iQIcBAEBCAAGBQJQhRLxAAoJEOYZBF3yrHKah3AP/3Ut/5+kZRLnS8G1UvIPIpLW
/pdjQB3Uqnm/sYcCBAIX0WKtZ2+inkJggpnae5zsaUw9vSP/KQU4kXo6rr3tIFou
mhrFfgLXpnCNvjAWzq0aZCe7sqk73hxELFKiqBqsJHi23myt6lgAivF631PtuAAP
y/nszBPjgWwrbPonn7QKCg7qa6z1ak+9Ac/8jpmOn4D4fiIP25sWxkwKGfBIcyMx
8UlX0KtinxSt5hSLdsY9WaXri7PZ+JQHBvZQhsEEHhIZGcSVajsAA8GCzRvFkBo4
IOwF+Qo+tvAnqg1eLiqy196dHY2J7qSCPs+zWIXdm/o1UXm7iG1eQWLAFI43dCh4
eL2qJlqw/3GyZJMMSS2DkF2KjQToW4qmvXUsiHQ6ORvoGaGE5fHOc0BrAdbAYw8s
emcvfbCBOpKJnZ9FLAOVhhKVkmS87nSyHbuc61UlMePnzQeeXlTf3O5zsn1Lbxv3
FbhmeaXacqq8tib3Kjs+05Y8zH4zS6k4RyaaPV1W0q+cqtd26vWSIzPj+gtTjtln
zuwjJNAx5lu255MYf//pGX5sXqw+5rujzHDIiiKGmFl14Gb6RPO+tWAshZ8775D0
dNM3N2z4uyFzLBtI9d5x9iS89JJuGWM96k2LLGoxyowfBAkKGtdyfVYgV9HwY+rN
iiZ6Ha6xvEo58nqiAZ0s
=+seJ
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 20 Nov 2012 07:26:04 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 10:11:28 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.