Bug 8434 - python-django new security issues fixed in 1.3.5 and 1.4.3
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: QA Team
URL: https://www.djangoproject.com/weblog/...
Whiteboard: has_procedure mga2-64-OK mga2-32-OK
Keywords: validated_update
 
Reported: 2012-12-19 14:59 CET by David Walser
Modified: 2013-01-03 17:31 CET
Source RPM: python-django

Description David Walser 2012-12-19 14:59:38 CET
Upstream issued an advisory on December 10:
https://www.djangoproject.com/weblog/2012/dec/10/security/

Comment 1 David Walser 2012-12-19 18:40:26 CET
Mandriva has issued an advisory for this today (December 19):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:181

The oct/17 issue (CVE-2012-4520) we already fixed in October.

Comment 2 Philippe Makowski 2012-12-19 22:20:05 CET
python-django-1.3.5-1.mga2 is in update testing
python-django-1.4.3-1.mga3 was already there

Comment 3 David Walser 2012-12-20 03:43:24 CET
Thanks Philippe!

Advisory:
========================

Updated python-django package fixes security vulnerability:

Host header and redirect poisoning vulnerabilities in python-django before
1.3.5 have been fixed.

References:
https://www.djangoproject.com/weblog/2012/dec/10/security/
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:181
========================

Updated packages in core/updates_testing:
========================
python-django-1.3.5-1.mga2

from python-django-1.3.5-1.mga2.src.rpm

Comment 4 claire robinson 2012-12-20 10:26:27 CET
Previously tested with: https://docs.djangoproject.com/en/dev/intro/tutorial01/

Comment 5 claire robinson 2012-12-20 10:44:15 CET
I can't find any PoC so just checking the server starts with the tutorial

Comment 6 claire robinson 2012-12-20 10:47:22 CET
See also https://bugs.mageia.org/show_bug.cgi?id=7835#c5

Testing complete mga2 64.

Comment 7 claire robinson 2012-12-21 16:08:33 CET
Testing complete mga2 32

Validating

Advisory and SRPM in comment 3.

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Comment 8 Thomas Backlund 2012-12-26 19:53:13 CET
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0365

Comment 9 David Walser 2013-01-03 17:31:41 CET
Update checked into Mageia 1 SVN.
