| Summary: | dev-python/django < 0.96.3 cross-site request forgery (CSRF) (CVE-2008-3909) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Matt Summers (RETIRED) <quantumsummers> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | python |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.djangoproject.com/weblog/2008/sep/02/security/ | | |
| Whiteboard: | ~3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Matt Summers (RETIRED)
2008-09-03 02:12:06 UTC
The update to 0.96 removes some (limited to expiration of sessions) functionality, but retains overall backwards compatibility. New tarball is here: http://www.djangoproject.com/download/0.96.3/tarball/ Bump of existing ebuild works. Python herd, please bump as necessary.

Hello, dev-python/django-0.96.2 and 1.0 already in tree. Thanks Matt! Best regards,

Thanks (fixing whiteboard).