Your message dated Sun, 21 Jan 2007 17:02:11 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#407786: fixed in python-django 0.95.1-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: python-django
Version: 0.95-3
Severity: grave
Tags: security
The announcement at
<http://www.djangoproject.com/weblog/2007/jan/21/0951/> includes links
to the diffs for each changeset.
Fixes include:
* A patch for a small security vulnerability in the script
Django's internationalization system uses to compile translation
files (changeset 4360 in the "0.95-bugfixes" branch).
* A fix for a bug in Django's authentication middleware which
could cause apparent "caching" of a logged-in user (changeset
4361).
* A patch which disables debugging mode in the flup FastCGI
package Django uses to launch its FastCGI server, which prevents
tracebacks from bubbling up during production use (changeset
4363).
The second fix should definitely be fixed for Etch. The first probably
only warrants 'important' severity, and the same might be said for the
third, although the tracebacks that are displayed may disclose sensitive
information to an attacker.
--
Sam Morris
[EMAIL PROTECTED]
http://robots.org.uk/
--- End Message ---
--- Begin Message ---
Source: python-django
Source-Version: 0.95.1-1
We believe that the bug you reported is fixed in the latest version of
python-django, which is due to be installed in the Debian FTP archive:
python-django_0.95.1-1.diff.gz
to pool/main/p/python-django/python-django_0.95.1-1.diff.gz
python-django_0.95.1-1.dsc
to pool/main/p/python-django/python-django_0.95.1-1.dsc
python-django_0.95.1-1_all.deb
to pool/main/p/python-django/python-django_0.95.1-1_all.deb
python-django_0.95.1.orig.tar.gz
to pool/main/p/python-django/python-django_0.95.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raphael Hertzog <[EMAIL PROTECTED]> (supplier of updated python-django package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 21 Jan 2007 17:45:50 +0100
Source: python-django
Binary: python-django
Architecture: source all
Version: 0.95.1-1
Distribution: unstable
Urgency: low
Maintainer: Brett Parker <[EMAIL PROTECTED]>
Changed-By: Raphael Hertzog <[EMAIL PROTECTED]>
Description:
python-django - A high-level Python Web framework
Closes: 403761 407489 407607 407786
Changes:
python-django (0.95.1-1) unstable; urgency=low
.
[ Brett Parker ]
* New upstream minor release for security bugs:
- http://www.djangoproject.com/weblog/2007/jan/21/0951/
- Fixes a small security vulnerability in the script Django's
internationalization system uses to compile translation files
(changeset 4360 in the "0.95-bugfixes" branch).
- fix for a bug in Django's authentication middleware which could cause
apparent "caching" of a logged-in user (changeset 4361).
- patch which disables debugging mode in the flup FastCGI package Django
uses to launch its FastCGI server, which prevents tracebacks from
bubbling up during production use (changeset 4363).
Closes: #407786, #407607
* Sets Recommends to python-psycopg and moves other database engines to
the Suggests field.
.
[ Raphael Hertzog ]
* Use python-pysqlite2 as default database engine in Recommends. Others are
in Suggests. Closes: #403761
* Add python-psycopg2 in Suggests. Closes: #407489
Files:
cc4f46e10156431c73eef450f6293663 886 python optional python-django_0.95.1-1.dsc
07f09d8429916481e09e84fd01e97355 1297839 python optional
python-django_0.95.1.orig.tar.gz
10f4d6bf948b13fc5340fc36bff6ce39 3688 python optional
python-django_0.95.1-1.diff.gz
e231c5b65c6e49b289d2fb0e2f2affba 1024882 python optional
python-django_0.95.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFs5mdvPbGD26BadIRAm8uAKCctcbB9klMv/yjMl4JSxgfcMA8ogCfYXUs
rUH2k+PIMxqu8FchsPU4N4o=
=R8J5
-----END PGP SIGNATURE-----
--- End Message ---
