Ubuntu
python-django-piston package

Merge lp://staging/~jtaylor/ubuntu/natty/python-django-piston/fix-884910 into lp://staging/ubuntu/natty/python-django-piston

  1. Natty (11.04)
  2. fix-884910
  3. Merge into natty
Proposed by Julian Taylor
Status: Needs review
Proposed branch: lp://staging/~jtaylor/ubuntu/natty/python-django-piston/fix-884910
Merge into: lp://staging/ubuntu/natty/python-django-piston
Diff against target: 80 lines (+57/-0)
4 files modified
debian/changelog (+9/-0)
debian/patches/02-fix-yaml-load.diff (+18/-0)
debian/patches/03-fix-pickle-load.diff (+28/-0)
debian/patches/series (+2/-0)
To merge this branch: bzr merge lp://staging/~jtaylor/ubuntu/natty/python-django-piston/fix-884910
Reviewer Review Type Date Requested Status
Jamie Strandboge Approve
Review via email: mp+81056@code.staging.launchpad.net

Description of the change

security update, see linked bug

To post a comment you must log in.
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This was applied weeks ago.

review: Approve
Reply

Unmerged revisions

4. By Julian Taylor

* SECURITY UPDATE: remote code execution vulnerability. LP: #884910
   - 02-fix-yaml-load.diff: use yaml.safe_load,
   - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3
   - https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches

to all changes: