FYI there is an security issue found in django 1.2.1. A fix has been applied to django 1.2.2: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
Summary from $URL: The provided template tag for inserting the CSRF token into forms -- {% csrf_token %} -- explicitly trusts the cookie value, and displays it as-is. Thus, an attacker who is able to tamper with the value of the CSRF cookie can cause arbitrary content to be inserted, unescaped, into the outgoing HTML of the form, enabling cross-site scripting (XSS) attacks. Affected versions: =dev-python/django-1.2* (~arch only)
Django 1.2.3 has been released. This release deals with some issues caused by Django 1.2.2. See http://www.djangoproject.com/weblog/2010/sep/10/123/
dev-python/django-1.2.3 has been added to the tree. Vulnerable versions have been deleted.
thanks, closing without glsa.