[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-11-15 Thread Launchpad Bug Tracker
This bug was fixed in the package python-django - 1.1.1-2ubuntu1.6 --- python-django (1.1.1-2ubuntu1.6) lucid-security; urgency=low * SECURITY UPDATE: fix Host header poisoning - debian/patches/CVE-2012-4520.diff: adjust HttpRequest.get_host() to raise django.core.exceptio

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-11-15 Thread Launchpad Bug Tracker
This bug was fixed in the package python-django - 1.3-2ubuntu1.4 --- python-django (1.3-2ubuntu1.4) oneiric-security; urgency=low * SECURITY UPDATE: fix Host header poisoning - debian/patches/CVE-2012-4520.diff: adjust HttpRequest.get_host() to raise django.core.exceptions

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-11-15 Thread Launchpad Bug Tracker
This bug was fixed in the package python-django - 1.4.1-2ubuntu0.1 --- python-django (1.4.1-2ubuntu0.1) quantal-security; urgency=low * SECURITY UPDATE: fix Host header poisoning - debian/patches/CVE-2012-4520.diff: adjust HttpRequest.get_host() to raise django.core.except

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-11-15 Thread Launchpad Bug Tracker
This bug was fixed in the package python-django - 1.3.1-4ubuntu1.3 --- python-django (1.3.1-4ubuntu1.3) precise-security; urgency=low * SECURITY UPDATE: fix Host header poisoning - debian/patches/CVE-2012-4520.diff: adjust HttpRequest.get_host() to raise django.core.except

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-11-09 Thread Jamie Strandboge
** Changed in: python-django (Ubuntu Lucid) Status: In Progress => Fix Committed ** Changed in: python-django (Ubuntu Oneiric) Status: In Progress => Fix Committed ** Changed in: python-django (Ubuntu Precise) Status: In Progress => Fix Committed ** Changed in: python-django

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-11-09 Thread Jamie Strandboge
Mackenzie, thanks again for your patch. For future reference, the quantal debdiff had a few issues:
* the version should be 1.4.1-2ubuntu0.1
* the changelog format does not comply with https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging
* the patch does not contain DEP-3 comments

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-11-09 Thread Jamie Strandboge
Thanks for the debdiffs! Updates need to also be prepared for Ubuntu 10.04 LTS and 11.10 and I'll publish the updates for 12.04 LTS and 12.10 when those are ready. ** Changed in: python-django (Ubuntu Lucid) Status: New => In Progress ** Changed in: python-django (Ubuntu Oneiric) St

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-11-09 Thread Jamie Strandboge
Raring has 1.4.2-1. ** Also affects: python-django (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: python-django (Ubuntu Quantal) Importance: Undecided Status: New *

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-11-08 Thread Marc Deslauriers
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4520 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1068486 Title: Please backport Django 1.3.4/1.4.2 security updates To manage

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-10-29 Thread Rodrigo Campos
Hi, It's been almost two weeks since the official security release. Any news when an Ubuntu package will be available with the fix? Thanks, Rodrigo

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-10-23 Thread Mackenzie Morgan
The patches being added in the debdiff are from the upstream commit to fix the security bug. I did a test build of each in pbuilder, and I installed (upgraded to) the resulting deb on my precise server with no adverse effects to the Django app currently running on it. A specific proof of concept

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-10-23 Thread Mackenzie Morgan
** Patch added: "Quantal debdiff" https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1068486/+attachment/3410877/+files/python-django_1.4.1-2ubuntu1.debdiff ** Changed in: python-django (Ubuntu) Assignee: Mackenzie Morgan (maco.m) => (unassigned)

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-10-23 Thread Mackenzie Morgan
** Patch added: "Precise debdiff" https://bugs.launchpad.net/ubuntu/+source/python-django/+bug/1068486/+attachment/3410876/+files/python-django_1.3.1-4ubuntu1.3.debdiff

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-10-23 Thread Mackenzie Morgan
** Changed in: python-django (Ubuntu) Assignee: (unassigned) => Mackenzie Morgan (maco.m) ** Tags added: security

[Bug 1068486] Re: Please backport Django 1.3.4/1.4.2 security updates

2012-10-19 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: python-django (Ubuntu) Status: New => Confirmed