Upstream issued an advisory on December 10: https://www.djangoproject.com/weblog/2012/dec/10/security/
CC: (none) => makowski.mageia
Assignee: bugsquad => makowski.mageia
CC: (none) => oe
Mandriva has issued an advisory for this today (December 19): http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:181
The oct/17 issue (CVE-2012-4520) we already fixed in October.
python-django-1.3.5-1.mga2 is in update testing
python-django-1.4.3-1.mga3 was already there
Thanks Philippe!

Advisory:
========================

Updated python-django package fixes security vulnerability:

Host header and redirect poisoning vulnerabilities in python-django before 1.3.5 have been fixed.

References:
https://www.djangoproject.com/weblog/2012/dec/10/security/
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:181
========================

Updated packages in core/updates_testing:
========================
python-django-1.3.5-1.mga2

from python-django-1.3.5-1.mga2.src.rpm

Version: Cauldron => 2
Assignee: makowski.mageia => qa-bugs
Previously tested with: https://docs.djangoproject.com/en/dev/intro/tutorial01/
Whiteboard: (none) => has_procedure
I can't find any PoC so just checking the server starts with the tutorial
See also https://bugs.mageia.org/show_bug.cgi?id=7835#c5
Testing complete mga2 64.
Whiteboard: has_procedure => has_procedure mga2-64-OK
Testing complete mga2 32.
Validating. Advisory and SRPM in comment 3.
Could sysadmin please push from core/updates_testing to core/updates?
Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK mga2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0365
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Update checked into Mageia 1 SVN.