thr3ads.net - Secure testing team - [Secure-testing-team] Bug#596205: python-django: new minor release fixes CSRF bug [Sep 2010]

If this information is useful, please help other people find it:
Share via:

Tilman Koschnick

2010-Sep-09 08:02 UTC

[Secure-testing-team] Bug#596205: python-django: new minor release fixes CSRF bug

Package: python-django
Version: 1.2.1-1
Severity: grave
Tags: security
Justification: user security hole

Hi,

the Django project released version 1.2.2, fixing a security problem in the CSRF
protection system. Details are on the Django Blog:

http://www.djangoproject.com/weblog/2010/sep/08/security-release/

Cheers, Til


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, ''testing'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages python-django depends on:
ii  python                        2.6.5-13   interactive high-level object-orie
ii  python-support                1.0.9      automated rebuilding support for P

Versions of packages python-django recommends:
ii  libjs-jquery                  1.4.2-2    JavaScript library for dynamic web

Versions of packages python-django suggests:
pn  python-flup                  <none>      (no description available)
ii  python-mysqldb               1.2.2-10+b1 A Python interface to MySQL
pn  python-psycopg               <none>      (no description available)
pn  python-psycopg2              <none>      (no description available)
pn  python-sqlite                <none>      (no description available)
ii  python-yaml                  3.09-4      YAML parser and emitter for Python

-- no debconf information

Secure testing team - Sep 2010 - Bug#596205: python-django: new minor release fixes CSRF bug

[Secure-testing-team] Bug#596205: python-django: new minor release fixes CSRF bug