python-django 1.1.1-2ubuntu1.13 source package in Ubuntu
Changelog
python-django (1.1.1-2ubuntu1.13) lucid-security; urgency=medium

  * SECURITY UPDATE: incorrect url validation in core.urlresolvers.reverse
    - debian/patches/CVE-2014-0480.patch: prevent reverse() from generating
      URLs pointing to other hosts in django/core/urlresolvers.py, added
      tests to tests/regressiontests/urlpatterns_reverse/{tests,urls}.py.
    - CVE-2014-0480
  * SECURITY UPDATE: denial of service via file upload handling
    - debian/patches/CVE-2014-0481.patch: remove O(n) algorithm in
      django/core/files/storage.py, updated docs in
      docs/howto/custom-file-storage.txt, added tests to
      tests/modeltests/files/models.py,
      tests/regressiontests/file_storage/tests.py, backport
      get_random_string() to django/utils/crypto.py.
    - CVE-2014-0481
  * SECURITY UPDATE: web session hijack via REMOTE_USER header
    - debian/patches/CVE-2014-0482.patch: modified RemoteUserMiddleware to
      logout on REMOTE_USER change in django/contrib/auth/middleware.py,
      added test to django/contrib/auth/tests/remote_user.py.
    - CVE-2014-0482
  * SECURITY UPDATE: data leak in contrib.admin via query string
    manipulation
    - debian/patches/CVE-2014-0483.patch: validate to_field in
      django/contrib/admin/{options,exceptions}.py,
      django/contrib/admin/views/main.py, added tests to
      tests/regressiontests/admin_views/tests.py.
    - debian/patches/CVE-2014-0483-bug23329.patch: regression fix in
      django/contrib/admin/options.py, added tests to
      tests/regressiontests/admin_views/{models,tests}.py.
    - debian/patches/CVE-2014-0483-bug23431.patch: regression fix in
      django/contrib/admin/options.py, added tests to
      tests/regressiontests/admin_views/{models,tests}.py.
    - CVE-2014-0483
  * debian/patches/fix_invalid_link_ftbfs.patch: remove test causing FTBFS.

 -- Marc Deslauriers <email address hidden>  Wed, 10 Sep 2014 13:07:32 -0400
Upload details
- Uploaded by: Marc Deslauriers
- Uploaded to: Lucid
- Original maintainer: Ubuntu Developers
- Architectures: all
- Section: python
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
python-django_1.1.1.orig.tar.gz | 5.4 MiB | d65b18319496fc4923b37fdb736e5ba1a90a3a18e2d7eaac7f3ad30738d1f6e4 |
python-django_1.1.1-2ubuntu1.13.diff.gz | 82.2 KiB | f64fe291337a45feae2e7151e6f9276a05cd506fcb1abc83aa400272d76706df |
python-django_1.1.1-2ubuntu1.13.dsc | 2.2 KiB | 690bddc642a5eede853682287973b5fc562a25d43f795751322c9bb6c3e5a3c6 |
Binary packages built by this source
- python-django: No summary available for python-django in ubuntu lucid.
No description available for python-django in ubuntu lucid.
- python-django-doc: No summary available for python-django-doc in ubuntu lucid.
No description available for python-django-doc in ubuntu lucid.