registry team mailing list archive

[Launchpad Bug Tracker <636482@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package python-django - 1.2.3-1ubuntu0.1

---------------
python-django (1.2.3-1ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: XSS in CSRF protections. New upstream release
    - CVE-2010-3082
  * debian/patches/01_disable_url_verify_regression_tests.diff:
    - updated to disable another test that fails without internet connection
    - patch based on work by Kai Kasurinen and Krzysztof Klimonda
  * debian/control: don't Build-Depends on locales-all, which doesn't exist
    in maverick

python-django (1.2.3-1) unstable; urgency=low

  [ Krzysztof Klimonda ]
  * New upstream release. Closes: #596893 LP: #636482
  * Fixes both a XSS vulnerability introduced in 1.2 series and
    the regressions caused by 1.2.2 release. Closes: #596205
  * debian/control:
    - depend on language packs for en_US.utf8 locales required for unit tests.
  * debian/rules:
    - re-enable build time tests.
    - set LC_ALL to en_US.utf8 for test suite.
  * debian/patches/series:
    - two new patches: 05_fix_regression_tests.diff and
      06_fix_regression_tests.diff backported from 1.2.x branch to fix
      test suite failures.

  [ Raphaël Hertzog ]
  * Update Standards-Version to 3.9.1.
  * Drop "--with quilt" and quilt build-dependency since the package is
    already using source format "3.0 (quilt)".
 -- Jamie Strandboge <jamie@xxxxxxxxxx>   Tue, 12 Oct 2010 11:34:35 -0500

** Changed in: python-django (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
Update python-django to 1.2.3 version to fix an XSS vulnerability
https://bugs.launchpad.net/bugs/636482
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.