security vulnerability in django i18n system

Bug #157903 reported by Jan Claeys
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Feisty Backports | Fix Released | Undecided | Unassigned | |
| python-django (Debian) | Fix Released | Unknown | | |
| python-django (Ubuntu) | Fix Released | Medium | William Grant | |
| Feisty | Fix Released | Undecided | William Grant | |
| Gutsy | Fix Released | Undecided | William Grant | |
| Hardy | Fix Released | Medium | William Grant | |

Bug Description

Binary package hint: python-django

Upstream Django project has released a security vulnerability report:
http://www.djangoproject.com/weblog/2007/oct/26/security-fix/

Doesn't seem to be critical to me, but might still be good to fix this...

William Grant (wgrant)
Changed in python-django:
importance: Undecided → Medium
status: New → Confirmed
William Grant (wgrant) wrote :

python-django (0.96.1-0ubuntu1) hardy; urgency=low

  * New upstream release
    - SECURITY UPDATE: Denial of service in i18n middleware. (LP: #157903)
    - References:
     + CVE-2007-5712

 -- William Grant <email address hidden> Fri, 09 Nov 2007 13:51:10 +1100

Changed in python-django:
status: Confirmed → Fix Released
Changed in python-django:
status: Unknown → New
William Grant (wgrant) wrote :

Backporters, please backport python-django 0.96.1-0ubuntu1 from Hardy to Feisty.

Changed in python-django:
assignee: nobody → fujitsu
status: Confirmed → In Progress
William Grant (wgrant) wrote :
William Grant (wgrant) wrote :
Changed in python-django:
status: New → Fix Released
John Dong (jdong) wrote :

Build tested; ack from backporters

Changed in feisty-backports:
status: New → In Progress
Sebastien Bacher (seb128) wrote :

Security issues should be fixed in security or updates rather than backport.

William Grant (wgrant) wrote :

seb128: Right, but the security issue is in backports *at the moment*. I don't believe a security upload has ever been performed to -backports, nor does it seem sane to.

Sebastien Bacher (seb128) wrote :

Does the request stand for 0.96.1-1, which is now the current hardy version?

Sebastien Bacher (seb128) wrote :

 * Trying to backport python-django...
  - <python-django_0.96.1.orig.tar.gz: downloading from librarian>
  - <python-django_0.96.1-1.diff.gz: downloading from librarian>
  - <python-django_0.96.1-1.dsc: downloading from librarian>
I: Extracting python-django_0.96.1-1.dsc ... done.
I: Building backport of python-django-0.96.1 as 0.96.1-1~feisty1 ... done.

Changed in feisty-backports:
status: In Progress → Fix Released
Kees Cook (kees)
Changed in python-django:
status: In Progress → Fix Committed
William Grant (wgrant) wrote :

python-django (0.96-1ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: Denial of service in i18n middleware.
  * debian/patches/03_CVE-2007-5712.diff: Add upstream fix. (LP: #157903)
  * References:
    CVE-2007-5712

 -- William Grant <email address hidden> Fri, 09 Nov 2007 23:36:03 +1100

William Grant (wgrant) wrote :

python-django (0.95.1-1ubuntu1.1) feisty-security; urgency=low

  * SECURITY UPDATE: Denial of service in i18n middleware.
  * debian/patches/03_CVE-2007-5712.diff: Add upstream fix. (LP: #157903)
  * References:
    CVE-2007-5712

 -- William Grant <email address hidden> Fri, 09 Nov 2007 23:26:08 +1100

Changed in python-django:
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
