Several security issues have been fixed in django (https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/ ).

An updated package has been sent to update_testing, but I have no easy testing procedure, nor any CVE for that. So I guess that asking someone to use a small django project would be overkill ? ( especially since I am the only one to know django well enough for that :/ )

Advisory

Django, a popular web framework, has been updated to fix several issues from file location disclosure to potential resource exhaustion. More information can be found on the project web site, at https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/ .

According to the developers, some fixes may result in backward incompatible changes, even if any breakage is unlikely.
Component: RPM Packages => Security
Advisory
-------------
Django, a popular web framework, has been updated to fix several issues ranging from file location disclosure to potential resource exhaustion. More information can be found on the project web site, at: https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/

According to the developers, some fixes may result in backward incompatible changes, even if any breakage is unlikely.
-------------

Just small spelling and grammar corrections.

Not sure what to do with this one besides testing it updates OK? Which it does i586 python-django

Source RPM : python-django-1.3.1-1.mga1.src.rpm
CC: (none) => eeeemail
(In reply to comment #0)
> So I guess that asking someone to use a small django project would be
> overkill ? ( especially since I am the only one to know django well enough for
> that :/ )
>

Maybe not, if there's a good step by step tutorial somewhere for us to follow, and that it just works :) Otherwise, I suppose that you have tested it yourself ?
CC: (none) => stormi
There is the django tutorial : https://docs.djangoproject.com/en/1.3/intro/tutorial01/

But django is a vast project, and I doubt the tutorial touches the parts that were changed :/

While testing by myself, no. I do not use mageia 1 on my servers, and do not use sessions or the various parts impacted by the changes. And one issue is that since that's python, regressions would be seen at runtime, which makes them harder to spot.
I was rather talking about testing that django still appears to work from quick testing (as you said you use it), but if you don't use mageia 1 then we'll try to find a way.
Another solution would be using a heuristic :
- django is used a lot
- django people are quick to react

So if we monitor the django bug tracker and no regression appears, we can decide to ship if a quick test shows that's ok.
I've done a very quick test on i586. Just went through https://docs.djangoproject.com/en/1.3/intro/tutorial01/ only up to the point of running "python manage.py runserver", and connecting to http://127.0.0.1:8000/ in a browser.
CC: (none) => davidwhodgins
Performed same procedure as Dave did on x86_64 and got the welcome page. I think we can validate.

Advisory
-------------
Django, a popular web framework, has been updated to fix several issues ranging from file location disclosure to potential resource exhaustion. More information can be found on the project website, at: https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/

According to the developers, some fixes may result in backward incompatible changes but any breakage is unlikely.
-------------

Source RPM : python-django-1.3.1-1.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates. Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Hardware: i586 => All
update pushed.
Status: NEW => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED