python-django 1.2.3-1ubuntu0.2.10.10.3 source package in Ubuntu
Changelog
python-django (1.2.3-1ubuntu0.2.10.10.3) maverick-security; urgency=low

  * SECURITY UPDATE: session manipulation when using django.contrib.sessions
    with memory-based sessions and caching
    - debian/patches/CVE-2011-4136.patch: use namespace of cache to store
      keys for session instead of root namespace
    - CVE-2011-4136
  * SECURITY UPDATE: potential denial of service and information disclosure
    in URLField
    - debian/patches/CVE-2011-4137+4138.patch: set verify_exists to False by
      default and use a timeout if available.
    - CVE-2011-4137, CVE-2011-4138
  * SECURITY UPDATE: potential cache-poisoning via crafted Host header
    - debian/patches/CVE-2011-4139.patch: ignore X-Forwarded-Host header by
      default when constructing full URLs
    - CVE-2011-4139
  * debian/patches/01_disable_url_verify_regression_tests.diff: remove the
    test_correct_url_but_nonexisting_gives_404() test from the
    modeltests/validation/tests.py too. Not sure how it passed before, but
    this makes the CVE-2011-4137+4138.patch consistent with our other
    releases since the upstream fix for CVE-2011-4137+4138.patch removed
    this test too.
  * More information on these issues can be found at:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/

 -- Jamie Strandboge <email address hidden>  Wed, 07 Dec 2011 15:52:55 -0600
Upload details
- Uploaded by: Jamie Strandboge
- Uploaded to: Maverick
- Original maintainer: Ubuntu Developers
- Architectures: all
- Section: python
- Urgency: Low Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
python-django_1.2.3.orig.tar.gz | 6.0 MiB | cb830f6038b78037647150d977f6cd5cf2bfd731f1788ecf8758a03c213a0f84 |
python-django_1.2.3-1ubuntu0.2.10.10.3.debian.tar.gz | 31.6 KiB | b30545f312eba6117bb997d5f8c334fdd834fc0441de38a7bc8d82629ce0f9b0 |
python-django_1.2.3-1ubuntu0.2.10.10.3.dsc | 2.2 KiB | 6a6e320dc361b713f2b758150d0fdc6fda0e6c1535b7dad8f8ac23154be9e0fe |
Binary packages built by this source
- python-django: No summary available for python-django in ubuntu maverick.
No description available for python-django in ubuntu maverick.
- python-django-doc: No summary available for python-django-doc in ubuntu maverick.
No description available for python-django-doc in ubuntu maverick.