-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 30 Jul 2009 17:43:56 +0200
Source: python-django
Binary: python-django
Architecture: source all
Version: 1.0.2-1+lenny1
Distribution: stable-proposed-updates
Urgency: low
Maintainer: Brett Parker <iDunno@sommitrealweird.co.uk>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 python-django - A high-level Python Web framework
Closes: 539134
Changes:
 python-django (1.0.2-1+lenny1) stable-proposed-updates; urgency=low
 .
   * Add patch to fix issue with a maliciously crafted URL gaining access to
     any file on the filesystem (Closes: #539134)
 .
   Upstream writes:
 .
     Django includes a lightweight, WSGI-based web server for use in learning
     Django and in testing new applications during early stages of
     development. For sake of convenience, this web server automatically maps
     certain URLs corresponding to the static media files used by the Django
     administrative application.
 .
     The handler which maps these URLs did not properly check the requested
     URL to verify that it corresponds to a static media file used by Django.
     As such, a carefully-crafted URL can cause the development server to
     serve any file to which it has read access.
 .
     <http://www.djangoproject.com/weblog/2009/jul/28/security/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpxwpMACgkQ5/8uW2NPmiB9kwCePmfFkods2yLOl7jRuh0+na0F
ifMAnib70VvOsz7WD9zH+REm5DDwqAW0
=ZwWR
-----END PGP SIGNATURE-----


Accepted:
python-django_1.0.2-1+lenny1.diff.gz
  to pool/main/p/python-django/python-django_1.0.2-1+lenny1.diff.gz
python-django_1.0.2-1+lenny1.dsc
  to pool/main/p/python-django/python-django_1.0.2-1+lenny1.dsc
python-django_1.0.2-1+lenny1_all.deb
  to pool/main/p/python-django/python-django_1.0.2-1+lenny1_all.deb
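
An added illustration of the missing check the advisory describes, not Django's code and not the patch in this upload: a URL-to-file mapper that joins the request path unchecked, beside one that resolves the path and refuses anything outside the media directory. The `/media/` prefix, the function names and the directory tree are assumptions constructed for this example.

```python
import os
import tempfile
from urllib.parse import unquote

MEDIA_PREFIX = "/media/"  # assumed URL prefix, chosen for this sketch


def naive_map(media_root, url_path):
    """Unchecked mapping: the URL remainder is joined onto the root as-is."""
    return os.path.join(media_root, url_path[len(MEDIA_PREFIX):])


def safe_map(media_root, url_path):
    """Return the real path of a file inside media_root, else None."""
    if not url_path.startswith(MEDIA_PREFIX):
        return None
    relative = unquote(url_path[len(MEDIA_PREFIX):])
    if "\x00" in relative or "\\" in relative:
        return None
    root = os.path.realpath(media_root)
    # Splitting on "/" means no component is absolute and can reset the join.
    candidate = os.path.realpath(os.path.join(root, *relative.split("/")))
    try:
        # commonpath compares whole components, so a sibling such as
        # "<root>-backup" is not mistaken for a path under root.
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside and os.path.isfile(candidate) else None


def demo():
    """Build a constructed directory tree and map sample request paths."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "media")
        os.makedirs(os.path.join(root, "css"))
        for name in (os.path.join(root, "css", "base.css"),
                     os.path.join(base, "settings.py")):
            with open(name, "w") as fh:
                fh.write("constructed sample\n")
        outside = "/media/../settings.py"
        return {
            "static": safe_map(root, "/media/css/base.css") is not None,
            "escape": safe_map(root, outside),
            "encoded": safe_map(root, "/media/%2e%2e/settings.py"),
            "naive_leaks": os.path.isfile(naive_map(root, outside)),
        }
```

Because `safe_map` compares resolved paths, a symlink placed inside the media directory that points elsewhere is refused as well.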