registry team mailing list archive

Thread
Date

Re: [Bug 636482] Re: Update python-django to 1.2.3 version to fix an XSS vulnerability

To: registry@xxxxxxxxxxxxxxxxxxx
From: Krzysztof Klimonda <kklimonda@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 15 Sep 2010 14:50:51 -0000
Reply-to: Bug 636482 <636482@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

On Wed, 2010-09-15 at 14:11 +0000, Artur Rona wrote:
> Is not easier to upload a stricte patch to fix this security issue? We
> can sync new upstream release in next development cycle from Debian.
> 

Easier for whom? The hard part has been figuring out how to re-enable
test suite (and make it pass without disabling tests) and it still had
to be done - it has been disabled by Debian maintainer because of
failures and running test suite at build-time has been one of
requirements made during MIR process.

I don't think we have to check a full delta between 1.2.1 and 1.2.3
releases as both are bug fix only. Django developers do a lot of work to
ensure that the concurrent releases are compatible and that's what the
tests are for anyway.

-- 
Sent from Ubuntu

-- 
Update python-django to 1.2.3 version to fix an XSS vulnerability
https://bugs.launchpad.net/bugs/636482
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.

References

[Bug 636482] Re: Update python-django to 1.2.3 version to fix an XSS vulnerability
From: Artur Rona, 2010-09-15