Re: CVE-2011-4356: Affects celery only, not django-celery
On Mon, Jan 02, 2012 at 12:46:15PM +0100, Michael Fladischer wrote:
> A happy new year to all of you!
>
> I'd like to provide some additional information on CVE-2011-4356.
> [0] states that it affects django-celery but this is just an integration
> package between django and celery. The CVE itself would have only
> affected celery (and its binary package python-celery). Upstream has
> fixed it in 2.4.4 [1] with 2.4.5 currently sitting in unstable and no
> package in testing or older. Right now I'm preparing celery-2.4.6 which
> includes a further fix to this CVE [2].
> I hope this gives you enough information to update the tracker
> accordingly.
Thanks for contacting us.
Michael Gilbert already fixed the django-celery entry. We'll record
2.4.6 as the fixed version once it has been uploaded.
Cheers,
Moritz