A happy new year to all of you!

I'd like to provide some additional information on CVE-2011-4356. [0] states that it affects django-celery but this is just an integration package between django and celery. The CVE itself would have only affected celery (and its binary package python-celery).

Upstream has fixed it in 2.4.4 [1] with 2.4.5 currently sitting in unstable and no package in testing or older. Right now I'm preparing celery-2.4.6 which includes a further fix to this CVE [2].

I hope this gives you enough information to update the tracker accordingly.

[0] http://security-tracker.debian.org/tracker/CVE-2011-4356
[1] https://github.com/ask/celery/commit/b290f973ee768254c690751785b72935dd55cef6
[2] https://github.com/ask/celery/commit/902adadbe6c4f18df2cc1f7ad31635df6c968fd0

Cheers,
--
Michael Fladischer <michael@fladi.at>
Fladi.at