ports/139544: www/py-django: security issues

[Mickaël Guérin]

>Number:         139544
>Category:       ports
>Synopsis:       www/py-django: security issues
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 12 12:30:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Mickaël Guérin
>Release:        7.2
>Organization:
>Environment:
FreeBSD dev.domain.tld 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Tue May 5 19:31:18 MSKST 2009 root at dev.domain.tld:/usr/src/sys/amd64/compile/KERN amd64
>Description:
There's a security update that has been released

http://www.djangoproject.com/weblog/2009/oct/09/security/
>How-To-Repeat:

>Fix:
update to django 1.1.1

Patch attached with submission follows:

diff -cu py-django/Makefile /usr/ports/www/py-django/Makefile
--- py-django/Makefile  2009-10-12 12:19:14.000000000 +0000
+++ /usr/ports/www/py-django/Makefile   2009-08-01 13:17:58.000000000 +0000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=      django
-PORTVERSION=   1.1.1
+PORTVERSION=   1.1
 CATEGORIES=    www python
 MASTER_SITES=  http://media.djangoproject.com/releases/${PORTVERSION}/ \
                http://www.cs.nctu.edu.tw/~lwhsu/ports/distfiles/
diff -cu py-django/distinfo /usr/ports/www/py-django/distinfo
--- py-django/distinfo  2009-10-12 12:22:49.000000000 +0000
+++ /usr/ports/www/py-django/distinfo   2009-08-01 13:17:58.000000000 +0000
@@ -1,3 +1,3 @@
-MD5 (python/Django-1.1.1.tar.gz) = d7839c192e115f9c4dd8777de24dc21c
-SHA256 (python/Django-1.1.1.tar.gz) = d65b18319496fc4923b37fdb736e5ba1a90a3a18e2d7eaac7f3ad30738d1f6e4
-SIZE (python/Django-1.1.1.tar.gz) = 5614106
+MD5 (python/Django-1.1.tar.gz) = b2d75b4457a39c405fa2b36bf826bf6b
+SHA256 (python/Django-1.1.tar.gz) = 578338be3288eff853039ad498297decdc3bb20265a0c4dee09efdf8e267c900
+SIZE (python/Django-1.1.tar.gz) = 5609609


>Release-Note:
>Audit-Trail:
>Unformatted: