Bug 6162

Summary: python-django missing update for multiple security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID QA Contact:
Severity: normal    
Priority: Normal CC: makowski.mageia, misc
Version: 1   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/465027/
Whiteboard:
Source RPM: python-django-1.3-1.mga1.src.rpm CVE:
Status comment:

Description David Walser 2012-05-29 23:03:45 CEST 
Advisories for these issues have been issued by Ubuntu, Debian, and SuSE:
http://www.ubuntu.com/usn/usn-1297-1/ (December 8)
http://www.debian.org/security/2011/dsa-2332 (October 29)
http://lists.opensuse.org/opensuse-updates/2012-05/msg00037.html (today)

CVEs are:
CVE-2011-4136
CVE-2011-4137
CVE-2011-4138
CVE-2011-4139
CVE-2011-4140

The solution is to upgrade to 1.3.1 (already available in Mageia 2).
David Walser 2012-06-14 21:04:45 CEST

CC: (none) => misc

David Walser 2012-06-19 03:14:57 CEST

CC: (none) => makowski.mageia

Comment 1 Philippe Makowski 2012-06-21 18:29:19 CEST 
1.3.1 is allready in Mageia 1 :
* lun. 12 sept. 2011 14:00:00 CEST misc <misc> 1.3.1-1.mga1
        
        + Revision: 142754
        - security update, fix several issues ( list on https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/ )


urpmq -f python-django
python-django-1.3-1.mga1.noarch|python-django-1.3.1-1.mga1.noarch|python-django-1.3-1.mga1.noarch|python-django-1.3.1-1.mga1.noarch
Comment 2 David Walser 2012-06-21 18:34:38 CEST 
Whoops, thanks Philippe.

Status: NEW => RESOLVED
Resolution: (none) => INVALID