This bug was fixed in the package python-django-piston - 0.2.2-1ubuntu1.11.10.1
--------------- python-django-piston (0.2.2-1ubuntu1.11.10.1) oneiric-security; urgency=low
* SECURITY UPDATE: remote code execution vulnerability. LP: #884910 - 02-fix-yaml-load.diff: use yaml.safe_load - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3, patch thanks to Debian - https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/ - CVE-2011-4103 -- Julian Taylor <email address hidden> Wed, 02 Nov 2011 19:18:12 +0100
This bug was fixed in the package python- django- piston - 0.2.2-1ubuntu1. 11.10.1
--------------- django- piston (0.2.2- 1ubuntu1. 11.10.1) oneiric-security; urgency=low
python-
* SECURITY UPDATE: remote code execution vulnerability. LP: #884910 yaml-load. diff: use yaml.safe_load pickle- load.diff: disable unpickling, backport from 0.2.3, patch /www.djangoproj ect.com/ weblog/ 2011/nov/ 01/piston- and-tastypie- security- releases/
- 02-fix-
- 03-fix-
thanks to Debian
- https:/
- CVE-2011-4103
-- Julian Taylor <email address hidden> Wed, 02 Nov 2011 19:18:12 +0100