Ubuntu
python-django package

python-django 1.1.1-2ubuntu1.10 source package in Ubuntu

Changelog

python-django (1.1.1-2ubuntu1.10) lucid-security; urgency=medium

  * SECURITY UPDATE: unexpected code execution using reverse()
    (LP: #1309779)
    - debian/patches/CVE-2014-0472.patch: added filtering to
      django/core/urlresolvers.py, added tests to
      tests/regressiontests/urlpatterns_reverse/nonimported_module.py,
      tests/regressiontests/urlpatterns_reverse/tests.py,
      tests/regressiontests/urlpatterns_reverse/urls.py,
      tests/regressiontests/urlpatterns_reverse/views.py.
    - CVE-2014-0472
  * SECURITY UPDATE: caching of anonymous pages could reveal CSRF token
    (LP: #1309782)
    - debian/patches/CVE-2014-0473.patch: don't cache responses with a
      cookie in django/middleware/cache.py, backport has_vary_header() to
      django/utils/cache.py.
    - CVE-2014-0473
  * SECURITY UPDATE: MySQL typecasting issue (LP: #1309784)
    - debian/patches/CVE-2014-0474.patch: convert arguments to correct
      type in django/db/models/fields/__init__.py, added tests to
      tests/regressiontests/model_fields/tests.py.
    - CVE-2014-0474
 -- Marc Deslauriers <email address hidden>   Sat, 19 Apr 2014 11:21:00 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Lucid
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
python
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Lucid: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
python-django_1.1.1.orig.tar.gz 5.4 MiB d65b18319496fc4923b37fdb736e5ba1a90a3a18e2d7eaac7f3ad30738d1f6e4
python-django_1.1.1-2ubuntu1.10.diff.gz 71.4 KiB 3e4abc3f1220c947a708d1ed9a76c3a23b74ff011abb2880c37c44fcf04b4c79
python-django_1.1.1-2ubuntu1.10.dsc 2.2 KiB f8c5375dd3ca7e16d0dde64bc8661a5d65365f7f389f682148571e2514f4bd08

View changes file

Binary packages built by this source

python-django: No summary available for python-django in ubuntu lucid.

No description available for python-django in ubuntu lucid.

python-django-doc: No summary available for python-django-doc in ubuntu lucid.

No description available for python-django-doc in ubuntu lucid.