This bug was fixed in the package python-django-piston - 0.2.2-1ubuntu0.2
---------------
python-django-piston (0.2.2-1ubuntu0.2) maverick-security; urgency=low

  * SECURITY UPDATE: remote code execution vulnerability. LP: #884910
    - 02-fix-yaml-load.diff: use yaml.safe_load
    - 03-fix-pickle-load.diff: disable unpickling, backport from 0.2.3,
      patch thanks to Debian
    - https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
    - Ubuntu patch thanks to Julian Taylor <email address hidden>
    - CVE-2011-4103

 -- Jamie Strandboge <email address hidden>  Wed, 09 Nov 2011 10:04:28 -0600