Merge lp:~jtaylor/ubuntu/maverick/python-django-piston/fix-884910 into lp:ubuntu/maverick/python-django-piston
Proposed by
Julian Taylor
Status: | Needs review
---|---
Proposed branch: | lp:~jtaylor/ubuntu/maverick/python-django-piston/fix-884910
Merge into: | lp:ubuntu/maverick/python-django-piston
Diff against target: | 110 lines (+67/-2), 5 files modified: debian/changelog (+16/-0), debian/control (+3/-2), debian/patches/02-fix-yaml-load.diff (+18/-0), debian/patches/03-fix-pickle-load.diff (+28/-0), debian/patches/series (+2/-0)
To merge this branch: | bzr merge lp:~jtaylor/ubuntu/maverick/python-django-piston/fix-884910
Related bugs: |

Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Jamie Strandboge | Approve | |
Description of the change
security update, see linked bug
Unmerged revisions
- 4. By Julian Taylor

  * SECURITY UPDATE: remote code execution vulnerability. LP: #884910
    - 02-fix-yaml-load.diff: use yaml.safe_load,
    - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3
    - https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
- 3. By Joker Wild

  debian/control: Bump Depends on python-oauth 1.0 since we don't
  have 1.0.1 yet. Fixes install problem. (LP: #653480)