LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2008-7672 (Django)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 9 Update: Django-0.96.3-1.fc9


Date:
    	      Wed, 10 Sep 2008 06:40:54 +0000


Message-ID:
    	      <20080910064054.B0E53208DAC@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-7672
2008-09-05 11:00:03
--------------------------------------------------------------------------------

Name        : Django
Product     : Fedora 9
Version     : 0.96.3
Release     : 1.fc9
URL         : http://www.djangoproject.com/
Summary     : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.

--------------------------------------------------------------------------------
Update Information:

Update to upstream version 0.96.3 that fixes cross-site request forgery (CSRF)
issue that may occur after user re-authentication after expiration of current
session:    http://www.djangoproject.com/weblog/2008/sep/02/security/    This
issue also affected deployments with Django's bundled CSRF-protection module
activated.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep  2 2008 Michel Salim <salimma@fedoraproject.org> - 0.96.3-1
- CSRF security update: bz#460966
* Mon May 19 2008 Michel Salim <salimma@fedoraproject.org> - 0.96.2-1
- XSS security update: CVE-2008-2302 (bz# 442757-60)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #460966 - Django 0.96.3 Security fix released
        https://bugzilla.redhat.com/show_bug.cgi?id=460966
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update Django' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds