Format: 1.8
Date: Sat, 10 Oct 2009 10:33:24 +0100
Source: python-django
Binary: python-django
Architecture: source all
Version: 1.0.2-1+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Brett Parker <iDunno@sommitrealweird.co.uk>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 python-django - A high-level Python Web framework
Closes: 550457
Changes:
 python-django (1.0.2-1+lenny2) stable-security; urgency=high
 .
   * Add patch to fix remote denial of service by exploiting pathological
     performance of regular expressions (Closes: #550457)
 .
     Upstream writes:
 .
       SECURITY ALERT: Corrected regular expressions for URL and email fields.
 .
       Certain email addresses/URLs could trigger a catastrophic backtracking
       situation, causing 100% CPU and server overload. If deliberately
       triggered, this could be the basis of a denial-of-service attack.
 .
     <http://www.djangoproject.com/weblog/2009/oct/09/security/>

Accepted:
python-django_1.0.2-1+lenny2.diff.gz
  to pool/main/p/python-django/python-django_1.0.2-1+lenny2.diff.gz
python-django_1.0.2-1+lenny2.dsc
  to pool/main/p/python-django/python-django_1.0.2-1+lenny2.dsc
python-django_1.0.2-1+lenny2_all.deb
  to pool/main/p/python-django/python-django_1.0.2-1+lenny2_all.deb