*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: python-django

See this link: http://www.djangoproject.com/weblog/2011/feb/08/security/

No CVE seems to have been assigned yet.

"Today the Django team is issuing multiple releases -- Django 1.2.5 and Django 1.1.4 -- to remedy three security issues reported to us. All users of affected versions of Django are urged to upgrade immediately."

* Flaw in CSRF handling
* Potential XSS in file field rendering
* Directory-traversal vulnerability on Windows

** Affects: python-django (Ubuntu)
   Importance: Undecided
   Status: New

** Visibility changed to: Public

https://bugs.launchpad.net/bugs/719031
Title: SECURITY - multiple vulnerabilities, upgrade needed to 1.2.5 or 1.1.4