This bug was fixed in the package python-django - 1.2.3-1ubuntu0.1
---
python-django (1.2.3-1ubuntu0.1) maverick-security; urgency=low
* SECURITY UPDATE: XSS in CSRF protections. New upstream release
- CVE-2010-3082
* debian/patches/01_disable_url_verify_regression_tests.diff:
Uploaded 1.2.3-1ubuntu0.1 to security PPA.
** Changed in: python-django (Ubuntu)
Status: In Progress => Fix Committed
--
Update python-django to 1.2.3 version to fix an XSS vulnerability
https://bugs.launchpad.net/bugs/636482
You received this bug notification because you are a member of
** Changed in: python-django (Ubuntu)
Status: Triaged => In Progress
** Changed in: python-django (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
** Changed in: python-django (Debian)
Status: Unknown => Fix Released
--
** Changed in: python-django (Ubuntu)
Status: New => Triaged
** Changed in: python-django (Ubuntu)
Milestone: None => maverick-updates
--
whoops - not actually synced, per comment #10 and ScottK's reminder
thereof.
--
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3082
--
That or if someone sponsors Krzysztof's package.
--
Per comment #10, we can't sync it yet. If it's syncable before it would
cause us to have a respin for Ubuntu Server, then I'm OK with this.
--
What is the verdict on this sync? It would be nice to not release with
an open CVE.
--
On Mon, 2010-10-04 at 19:47 +, Scott Kitterman wrote:
> What testing has been done to check that the new release works?
>
All enabled tests have passed, this is a bug-fix only release dealing
almost entirely with the XSS vulnerability introduced in the 1.2.x
branch.
The resulting package ins
What testing has been done to check that the new release works?
--
@ubuntu-release: can someone review and ACK/NAK 1.2.3-0ubuntu1 for
maverick?
--
a result of running diff -uNr debian/debian/ lp.636482/debian/ > filtered.diff
** Patch added: "filtered.diff"
https://bugs.edge.launchpad.net/ubuntu/+source/python-django/+bug/636482/+attachment/1671926/+files/filtered.diff
--
Not until release of 1.2.3-2 with a patch removing test mentioned by Kai
Kasurinen is applied. Unless DDs decide not to apply the patch and wait
for the next point release. I've opened a new bug about it on the debian
BTS but, given a time frame, we may be better with updating it
ourselves. The 1.2
What is the status of this? 1.2.3-1 is now in Debian. Can we perform a
sync to get this fixed before release?
** Changed in: python-django (Ubuntu)
Status: New => Incomplete
--
@Kai: Thanks, I have disabled this test in our package (and will send it
back to Debian).
--
test_correct_url_value_passes will fail if there's no Internet
connection
--
** Branch linked: lp:debian/sid/python-django
--
On Wed, 2010-09-15 at 14:11 +, Artur Rona wrote:
> Is it not easier to upload a strict patch to fix this security issue? We
> can sync new upstream release in next development cycle from Debian.
>
Easier for whom? The hard part has been figuring out how to re-enable
test suite (and make it pass
Is it not easier to upload a strict patch to fix this security issue? We
can sync new upstream release in next development cycle from Debian.
--
** Bug watch added: Debian Bug tracker #596205
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596205
** Also affects: python-django (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596205
Importance: Unknown
Status: Unknown
--
Bug fix only, so no FFe needed.
--
Attached is an updated branch with 1.2.3 release. I've had to do some
changes to packaging and backport two patches from 1.2.x branch to make
tests pass.
** Branch linked: lp:~kklimonda/ubuntu/maverick/python-django/lp.636482
--
We want this in if there is a working / tested package.
--
Package doesn't build currently - there are failing tests that I have to
investigate. Still, an ACK would be great.
** Changed in: python-django (Ubuntu)
Status: New => Incomplete
** Changed in: python-django (Ubuntu)
Status: Incomplete => Confirmed
** Changed in: python-django (Ub