Comment 6 for bug 884910

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-django-piston - 0.2.2-1ubuntu1.11.10.1

---------------
python-django-piston (0.2.2-1ubuntu1.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: remote code execution vulnerability. LP: #884910
    - 02-fix-yaml-load.diff: use yaml.safe_load
    - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3, patch
      thanks to Debian
    - https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
    - CVE-2011-4103
 -- Julian Taylor <email address hidden> Wed, 02 Nov 2011 19:18:12 +0100