There was an i18n vuln leading to possible DoS, described at
http://www.djangoproject.com/weblog/2007/oct/26/security-fix/
This updates the package to the new point release and bumps package from
py-django-0.96 -> py-django-0.96.1. Diff attached.
Tested briefly on i386 with a project under development.
Thanks to John Danks for the heads up.
--
Darrin Chandler | Phoenix BSD User Group | MetaBUG
[EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/py-django/Makefile,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 Makefile
--- Makefile 19 Sep 2007 13:45:00 -0000 1.1.1.1
+++ Makefile 8 Nov 2007 00:48:42 -0000
@@ -2,10 +2,11 @@
COMMENT= high-level Python web framework
+VP= 0.96.1
V= 0.96
LNAME= django
-DISTNAME= Django-${V}
-PKGNAME= py-${LNAME}-${V}
+DISTNAME= Django-${VP}
+PKGNAME= py-${LNAME}-${VP}
CATEGORIES= www lang/python
HOMEPAGE= http://www.djangoproject.com/
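Review bot: The Makefile hunk adds VP= 0.96.1 but leaves V= 0.96 in place, and in the visible lines neither DISTNAME nor PKGNAME references ${V} after this change. If nothing further down in the Makefile still uses ${V}, bump V to 0.96.1 directly rather than carrying two version variables. If something does still need the old value, add a short comment next to VP saying why both exist, so the next update does not bump only one of them.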
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/py-django/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 distinfo
--- distinfo 19 Sep 2007 13:45:00 -0000 1.1.1.1
+++ distinfo 8 Nov 2007 00:48:42 -0000
@@ -1,5 +1,5 @@
-MD5 (Django-0.96.tar.gz) = b4aedad1e90dd38d58ff9fc756180c7d
-RMD160 (Django-0.96.tar.gz) = 2ca030a75c7b11fcc3507ad929d8a9884c0fad3e
-SHA1 (Django-0.96.tar.gz) = 8870e0946ffe33a78293616d89b640fa58c6fe33
-SHA256 (Django-0.96.tar.gz) =
d8e9cd5ad36901bc18cd13d939b0cffd23a028d0ae1a56e2ac753573ede10eba
-SIZE (Django-0.96.tar.gz) = 1748745
+MD5 (Django-0.96.1.tar.gz) = EKoy5YlpxO/rAO9CuhkrFw==
+RMD160 (Django-0.96.1.tar.gz) = G9j8zqsQH4BWC7SqikhRwgTzkYs=
+SHA1 (Django-0.96.1.tar.gz) = hScPhX/0BZg8rpoe9237MwPKbuw=
+SHA256 (Django-0.96.1.tar.gz) = SHQTTp/GvQjrfkUeQgODlGaIlcJrfMhn1MP9r51xEIU=
+SIZE (Django-0.96.1.tar.gz) = 1746455
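Review bot: In the distinfo hunk the four removed digests are hex strings while the four added ones are base64, so the encoding changes along with the values. Please confirm that the new lines came from the ports tree's own checksum target and that the tree this will be committed to expects base64 here. Since this is a security update, also check the SHA256 value against a tarball fetched independently from the upstream site before commit. Separately, the removed SHA256 line is wrapped onto two lines in the posted diff, which would keep this hunk from applying as sent.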