Re: [Bug 719031] [NEW] SECURITY - multiple vulnerabilities, upgrade needed to 1.2.5 or 1.1.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Guillaume Pratte wrote: > See this link: http://www.djangoproject.com/weblog/2011/feb/08/security/ > No CVE seems to have been assigned yet. As reported to us (Django), the following IDs have been assigned: CVE-2011-0696 -- CSRF CVE-2011-0697 -- file field XSS CVE-2011-0698 -- directory traversal - -- James Bennett ja...@b-list.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1ZrLwACgkQNoTAwIyLKuG6nQCgou9wAa9lzkZmhT9zzPc1cPok MEIAmgJd846BOUni/pLoiNu2mG1sgeai =UtW5 -END PGP SIGNATURE- -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/719031 Title: SECURITY - multiple vulnerabilities, upgrade needed to 1.2.5 or 1.1.4 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 719031] [NEW] SECURITY - multiple vulnerabilities, upgrade needed to 1.2.5 or 1.1.4
*** This bug is a security vulnerability *** Public security bug reported: Binary package hint: python-django See this link: http://www.djangoproject.com/weblog/2011/feb/08/security/ No CVE seems to have been assigned yet. " Today the Django team is issuing multiple releases -- Django 1.2.5 and Django 1.1.4 -- to remedy three security issues reported to us. All users of affected versions of Django are urged to upgrade immediately. " * Flaw in CSRF handling * Potential XSS in file field rendering * Directory-traversal vulnerability on Windows ** Affects: python-django (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/719031 Title: SECURITY - multiple vulnerabilities, upgrade needed to 1.2.5 or 1.1.4 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs