
Bug#407786: New minor upstream release fixes three vulnera..

 
Sam Morris




(Msg. 1) Posted: Sun Jan 21, 2007 1:30 pm
Post subject: Bug#407786: New minor upstream release fixes three vulnerabilities
Archived from groups: linux>debian>bugs>rc

Package: python-django
Version: 0.95-3
Severity: grave
Tags: security

The announcement at
<http://www.djangoproject.com/weblog/2007/jan/21/0951/> includes links
to the diffs for each changeset.

Fixes include:

* A patch for a small security vulnerability in the script
Django's internationalization system uses to compile translation
files (changeset 4360 in the "0.95-bugfixes" branch).
* A fix for a bug in Django's authentication middleware which
could cause apparent "caching" of a logged-in user (changeset
4361).
* A patch which disables debugging mode in the flup FastCGI
package Django uses to launch its FastCGI server, which prevents
tracebacks from bubbling up during production use (changeset
4363).

The second fix should definitely be fixed for Etch. The first probably
only warrants 'important' severity, and the same might be said for the
third, although the tracebacks that are displayed may disclose sensitive
information to an attacker.

--
Sam Morris
sam.RemoveThis@robots.org.uk

http://robots.org.uk/


