[Bug 234631] Re: security vulnerability in django admin
This bug was fixed in the package python-django - 0.95.1-1ubuntu1.2

---
python-django (0.95.1-1ubuntu1.2) feisty-security; urgency=low

  * SECURITY UPDATE: security vulnerability in django admin
  * debian/patches/05_CVE-2008-2302_fix.diff: added upstream fix escaping
    request path in login page of admin site.(LP: #234631)
  * References:
    CVE link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2302
    upstream announce: http://www.djangoproject.com/weblog/2008/may/14/security/
    upstream fix: http://code.djangoproject.com/changeset/7527

 -- Andrea Gasparini <[EMAIL PROTECTED]>   Thu, 03 Jun 2008 09:08:38 +0200

--
security vulnerability in django admin
https://bugs.launchpad.net/bugs/234631
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 234631] Re: security vulnerability in django admin
This bug was fixed in the package python-django - 0.96-1ubuntu0.2

---
python-django (0.96-1ubuntu0.2) gutsy-security; urgency=low

  * SECURITY UPDATE: security vulnerability in django admin
  * debian/patches/05_CVE-2008-2302_fix.diff: added upstream fix escaping
    request path in login page of admin site.(LP: #234631)
  * References:
    CVE link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2302
    upstream announce: http://www.djangoproject.com/weblog/2008/may/14/security/
    upstream fix: http://code.djangoproject.com/changeset/7527

 -- Andrea Gasparini <[EMAIL PROTECTED]>   Thu, 29 May 2008 17:00:38 +0200

** Changed in: python-django (Ubuntu Feisty)
       Status: Fix Committed => Fix Released
[Bug 234631] Re: security vulnerability in django admin
This bug was fixed in the package python-django - 0.96.1-2ubuntu2.1

---
python-django (0.96.1-2ubuntu2.1) hardy-security; urgency=low

  * SECURITY UPDATE: security vulnerability in django admin
  * debian/patches/05_CVE-2008-2302_fix.diff: added upstream fix escaping
    request path in login page of admin site.(LP: #234631)
  * References:
    CVE link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2302
    upstream announce: http://www.djangoproject.com/weblog/2008/may/14/security/
    upstream fix: http://code.djangoproject.com/changeset/7527

 -- Andrea Gasparini <[EMAIL PROTECTED]>   Thu, 29 May 2008 17:00:38 +0200

** Changed in: python-django (Ubuntu Hardy)
       Status: Fix Committed => Fix Released

** Changed in: python-django (Ubuntu Gutsy)
       Status: Fix Committed => Fix Released
[Bug 234631] Re: security vulnerability in django admin
** Changed in: python-django (Ubuntu Feisty)
       Status: In Progress => Fix Committed

** Changed in: python-django (Ubuntu Gutsy)
       Status: In Progress => Fix Committed

** Changed in: python-django (Ubuntu Hardy)
       Status: In Progress => Fix Committed
[Bug 234631] Re: security vulnerability in django admin
The feisty-hardy debdiffs all referenced the wrong bug number. I have adjusted that and am reviewing the rest of the patch.
[Bug 234631] Re: security vulnerability in django admin
for intrepid there is a merge in progress for Django 1.0 https://bugs.edge.launchpad.net/ubuntu/+source/python-django/+bug/264191
[Bug 234631] Re: security vulnerability in django admin
Yes, you're right! I checked that it's only a typo; the other version numbers and packages are correct. Attaching a new debdiff.

** Attachment added: "python-django_0.95.1-ubuntu1.2.debdiff"
   http://launchpadlibrarian.net/15578618/python-django_0.95.1-ubuntu1.2.debdiff
[Bug 234631] Re: security vulnerability in django admin
Andrea, you've made a single-character error in your Feisty debdiff. You left the first 1 out of the version string.

** Changed in: python-django (Ubuntu Feisty)
       Status: Triaged => In Progress
[Bug 234631] Re: security vulnerability in django admin
This bug was fixed in the package python-django - 0.96.2-1ubuntu1

---
python-django (0.96.2-1ubuntu1) intrepid; urgency=low

  * Also closes LP: #234631: "security vulnerability in django admin"
  * Merge from Debian unstable. Remaining Ubuntu changes:
    - debian/patches/04_workaround_net_tests.patch
    - debian/rules: run testsuite during build process
    - debian/control: Maintainer set to Ubuntu Motu.

python-django (0.96.2-1) unstable; urgency=low

  * New upstream security release. Closes: #481164

 -- Andrea Gasparini <[EMAIL PROTECTED]>   Tue, 20 May 2008 12:31:33 +0200

** Changed in: python-django (Ubuntu Intrepid)
       Status: Fix Committed => Fix Released
[Bug 234631] Re: security vulnerability in django admin
Uploaded, tfyw!

** Changed in: python-django (Ubuntu Intrepid)
     Assignee: Andrea Gasparini (gaspa) => (unassigned)
       Status: Triaged => Fix Committed
[Bug 234631] Re: security vulnerability in django admin
Argh, wrong debdiff for intrepid... this is the right one.

** Attachment added: "python-django_0.96.2-1ubuntu1.debdiff"
   http://launchpadlibrarian.net/14942635/python-django_0.96.2-1ubuntu1.debdiff
[Bug 234631] Re: security vulnerability in django admin
Debdiff that closes the bug for intrepid:

Remaining Ubuntu changes:
- debian/patches/04_workaround_net_tests.patch run testsuite during build process
- debian/control: Maintainer set to Ubuntu Motu.

Changes dropped:
- debian/patches/03_dynamicshebang.diff: manage.py created with the right python interpreter, as discussed in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460662 and because Debian already changes the hashbang in binary-post-install to a standard "/usr/bin/python".

** Attachment added: "python-django_0.96.2-1ubuntu1.debdiff"
   http://launchpadlibrarian.net/14942181/python-django_0.96.2-1ubuntu1.debdiff
[Bug 234631] Re: security vulnerability in django admin
Fixed also for feisty. :)

** Attachment added: "python-django_0.95.1-ubuntu1.2.debdiff"
   http://launchpadlibrarian.net/14940181/python-django_0.95.1-ubuntu1.2.debdiff
[Bug 234631] Re: security vulnerability in django admin
Yes, I'd like to do it for intrepid and feisty as well, just a few days, 'cause I'm really busy. :) (and for intrepid a merge is fine...)
[Bug 234631] Re: security vulnerability in django admin
** Changed in: python-django (Ubuntu Feisty)
     Assignee: (unassigned) => Andrea Gasparini (gaspa)
[Bug 234631] Re: security vulnerability in django admin
Also, please use the patch system in your debdiffs, and create one for Feisty.
[Bug 234631] Re: security vulnerability in django admin
For Intrepid, we should sync or merge 0.96.2 from Debian. Andrea: can you please do that, given that you merged it last?

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2302

** Changed in: python-django (Ubuntu Gutsy)
     Assignee: (unassigned) => Andrea Gasparini (gaspa)
       Status: New => In Progress

** Changed in: python-django (Ubuntu Hardy)
     Assignee: (unassigned) => Andrea Gasparini (gaspa)
       Status: New => In Progress

** Changed in: python-django (Ubuntu Feisty)
       Status: New => Triaged
[Bug 234631] Re: security vulnerability in django admin
Also fixed, with the same patch, for gutsy.

** Attachment added: "python-django_0.96-1ubuntu0.2.debdiff"
   http://launchpadlibrarian.net/14796153/python-django_0.96-1ubuntu0.2.debdiff
[Bug 234631] Re: security vulnerability in django admin
Applied upstream fix in hardy package. So, this is the debdiff that should fix this bug in hardy:

** Attachment added: "python-django_0.96.1-2ubuntu2.1.debdiff"
   http://launchpadlibrarian.net/14796133/python-django_0.96.1-2ubuntu2.1.debdiff
[Bug 234631] Re: security vulnerability in django admin
** Changed in: python-django (Ubuntu)
     Assignee: (unassigned) => Andrea Gasparini (gaspa)
[Bug 234631] Re: security vulnerability in django admin
I can confirm this announcement. See also here: http://www.djangoproject.com/weblog/2008/may/14/security/

** Changed in: python-django (Ubuntu)
   Importance: Undecided => Medium
       Status: New => Triaged